Person using laptop computer with animated icons

Data Protection

Data Privacy Laws

As a global company, Oakwood Worldwide ensures that it complies with data privacy laws in all geographical regions it operates in.

The General Data Protection Regulation (GDPR) is EU regulation that establishes a legal framework to protect the personal data of EU residents.

Privacy laws in other countries, such as e.g. the Singapore Personal Data Protection Act (DPDA) or California’s new Consumer Right to Privacy Act aim to provide similar protections to its residents.

Our clients are increasingly focused on the real-world implications of these new laws and how their downstream vendors and suppliers plan on reaching compliance.

What data privacy and security means to Oakwood

Trust is the foundation of our relationship with millions of people and businesses around the world. We value the confidence our clients and their guests, have put in us to protect their personal information. We take this responsibility seriously and are actively working to increase our data security and privacy measures.

To this end, Oakwood has dedicated a cross-functional team consisting of legal counsel, data security, and compliance professionals to specifically analyze and address the new requirements of the GDPR. We have an in-house GDPR Project Manager and have worked with an external privacy consultancy firm.

Our Security Infrastructure and Certifications

Protecting our guest’s information and privacy is extremely important to us. As a third party processor for your employees’ data, we’ve set high standards for security.

Our global data center continues to be SOC1, SOC2, and ISO 27001 compliant. Security assessments are performed on a regular and as-needed basis and critical findings are remediated immediately. Personnel required to access client confidential data have been screened for background and criminal background checks.

Oakwood has invested heavily in building a robust security team, one that can handle a variety of issues — everything from threat detection to building new tools. In accordance with GDPR requirements around security incident notifications, we will continue to meet its obligations and offer contractual assurances.

What has been done?

We’ve implemented a formal Data Privacy Program to make sure we're continuously applying data protection to all personal data within Oakwood and that we are compliant with all data privacy regulations in all of the different countries we operate in.

We've conducted a full assessment with an outside privacy consultancy firm to know where we stand.

We’ve created Data flow maps that identify which guest and employee data is flowing through which Oakwood IT system.

Based on the data flow maps, Privacy Impact Assessments (PIA's) help us to assess where our data risks are.

We've sent out data privacy addendums to all of our suppliers and vendors and signed privacy related contract updates sent to us by some of our clients.

We've updated our
Privacy Policy, Cookie Policy, Cookie Consent banners, Employee Privacy Notice and the Oakwood Incident and Data Breach Response Plan.

We're getting our systems ready to comply with any data requests we receive from guests or employees concerning their data rights.

All Oakwood employees have received training for ongoing secure data privacy practices.

Stay Updated

Fulfilling our privacy and data security commitments is important to us. If you have any additional questions, we hope you’ll reach out to us at