What is GDPR?
The General Data Protection Regulation, or GDPR, is an upcoming EU regulation that establishes a new legal framework to protect the personal data of EU residents. The GDPR is the most significant piece of European data protection legislation since the EU Data Protection Directive of 1995, and many companies – including Oakwood – are investing heavily in GDPR compliance.
The GDPR aims to harmonize and bring data protection laws across Europe up to speed with the rapid technological change that has occurred in the past two decades. It builds upon the current legal framework in the EU and introduces new obligations and liabilities for organizations that handle personal data, as well as new rights for individuals in respect to their own personal data. Organizations that are established in the EU, as well as organizations that process personal data of EU residents, are required to comply with the GDPR. The GDPR went into effect on May 25, 2018.
As this important date draws near, our clients are increasingly focused on the real-world implications of this new law and how their downstream vendors and suppliers plan on reaching compliance.
What the GDPR means to Oakwood
Trust is the foundation of our relationship with millions of people and businesses around the world. We value the confidence our clients, and their guests, have put in us to protect their personal information. We take this responsibility seriously and are actively working to increase our data security and privacy measures.
To this end, Oakwood has dedicated a cross-functional team consisting of legal counsel, data security, and compliance professionals to specifically analyze and address the new requirements of GDPR. We have an in-house GDPR Project Manager and are working with an external privacy consultancy firm.
Our Security Infrastructure and Certifications
Protecting our guests’ information and privacy is extremely important to us. As a third-party processor of your employees’ data, we’ve set high standards for security.
Our global data center continues to be SOC 1, SOC 2, and ISO 27001 compliant. Security assessments are performed on a regular and as-needed basis, and critical findings are remediated immediately. Personnel who require access to client confidential data have passed background and criminal record checks.
Oakwood has invested heavily in building a robust security team, one that can handle a variety of issues — everything from threat detection to building new tools. In accordance with GDPR requirements around security incident notifications, Oakwood will continue to meet its obligations and offer contractual assurances.
We've conducted a full assessment with an outside privacy consultancy firm to know where we stand
We've sent out addenda to all of our suppliers and vendors, and we have signed contract updates sent to us by some of our clients
We're getting our systems ready to comply with any data requests we receive from guests or employees concerning their data rights
Oakwood will work towards a formal Data Privacy Program to make sure we're continuously applying data protection to all personal data within Oakwood, and that we are compliant with the data privacy regulations of every country we operate in
Data flow maps help us to identify which guest and employee data is flowing through Oakwood and through which IT system
Based on the data flow maps, Privacy Impact Assessments (PIAs) help us to assess where our data risks are
All Oakwood employees will receive training for ongoing data privacy practices
Fulfilling our privacy and data security commitments is important to us. This page will be revised to reflect GDPR-related information as it becomes available. If you have any additional questions, we hope you’ll reach out to us at GDPR@oakwood.com.