Data Protection

Oakwood's GDPR Compliance Journey

What is GDPR?

The General Data Protection Regulation, or GDPR, is an upcoming EU regulation that establishes a new legal framework to protect the personal data of EU residents. The GDPR is the most significant piece of European data protection legislation since the EU Data Protection Directive of 1995, and many companies – including Oakwood –are investing heavily in GDPR compliance.

The GDPR aims to harmonize and bring data protection laws across Europe up to speed with the rapid technological change that has occurred in the past two decades. It builds upon the current legal framework in the EU and introduces new obligations and liabilities for organizations that handle personal data, as well as new rights for individuals in respect to their own personal data. Organizations that are established in the EU, as well as organizations that process personal data of EU residents, are required to comply with the GDPR. The GDPR went into effect on May 25, 2018.

As this important date draws near, our clients are increasingly focused on the real-world implications of this new law and how their downstream vendors and suppliers plan on reaching compliance.

What the GDPR means to Oakwood

Trust is the foundation of our relationship with millions of people and businesses around the world. We value the confidence our clients, and their guests, have put in us to protect their personal information. We take this responsibility seriously and are actively working to increase our data security and privacy measures.

To this end, Oakwood has dedicated a cross-functional team consisting of legal counsel, data security, and compliance professionals to specifically analyze and address the new requirements of GDPR. We have an in-house GDPR Project Manager and are working with an external privacy consultancy firm.

Our Security Infrastructure and Certifications

Protecting our guest’s information and privacy is extremely important to us. As a third party processor for your employees’ data, we’ve set high standards for security.

Our global data center continues to be SOC1, SOC2, and ISO 27001 compliant. Security assessments are performed on a regular and as-needed basis and critical findings are remediated immediately. Personnel required to access client confidential data have been screened for background and criminal background checks.

Oakwood has invested heavily in building a robust security team, one that can handle a variety of issues — everything from threat detection to building new tools. In accordance with GDPR requirements around security incident notifications, we will continue to meet its obligations and offer contractual assurances.

What has been done?
Where are we going?

Stay Updated

Fulfilling our privacy and data security commitments is important to us. This page will be revised to reflect GDPR-related information as it becomes available. If you have any additional questions, we hope you’ll reach out to us at