Data Privacy Laws
As a global company, Oakwood Worldwide ensures that it complies with data privacy laws in every geographical region in which it operates.
The General Data Protection Regulation (GDPR) is an EU regulation that establishes a legal framework to protect the personal data of EU residents.
Privacy laws in other jurisdictions, such as the Singapore Personal Data Protection Act (PDPA) or California’s new Consumer Right to Privacy Act, aim to provide similar protections to their residents.
Our clients are increasingly focused on the real-world implications of these new laws and how their downstream vendors and suppliers plan on reaching compliance.
What data privacy and security means to Oakwood
Trust is the foundation of our relationship with millions of people and businesses around the world. We value the confidence our clients and their guests have put in us to protect their personal information. We take this responsibility seriously and are actively working to increase our data security and privacy measures.
To this end, Oakwood has dedicated a cross-functional team consisting of legal counsel, data security, and compliance professionals to specifically analyze and address the new requirements of the GDPR. We have an in-house GDPR Project Manager and have worked with an external privacy consultancy firm.
Our Security Infrastructure and Certifications
Protecting our guests’ information and privacy is extremely important to us. As a third-party processor for your employees’ data, we’ve set high standards for security.
Our global data center continues to be SOC1, SOC2, and ISO 27001 compliant. Security assessments are performed on a regular and as-needed basis, and critical findings are remediated immediately. Personnel required to access client confidential data have undergone background and criminal background checks.
Oakwood has invested heavily in building a robust security team, one that can handle a variety of issues — everything from threat detection to building new tools. In accordance with GDPR requirements around security incident notifications, we will continue to meet our obligations and offer contractual assurances.
We've conducted a full assessment with an outside privacy consultancy firm to know where we stand
We've sent out addendums to all of our suppliers and vendors and signed contract updates sent to us by some of our clients
We're getting our systems ready to comply with any data requests we receive from guests or employees concerning their data rights
Oakwood will work towards a formal Data Privacy Program to make sure we're continuously applying data protection to all personal data within Oakwood and that we are compliant with all data privacy regulations in all of the different countries we operate in
Data flow maps help us to identify which guest and employee data is flowing through Oakwood and through which IT system
Based on the data flow maps, Privacy Impact Assessments (PIAs) help us to assess where our data risks are
All Oakwood employees will receive training for ongoing data privacy practices