OpenVPN is GDPR Compliant

Access Server and CloudConnexa are GDPR CompliantOpenVPN strictly adheres to general data protection regulation (GDPR) for all residents of the EU and EEA.

What is GDPR compliance and why does it matter?

GDPR outlines strict data protection rights for all residents of the EU and the European Economic Area. GDPR requires businesses to disclose and adhere to data retention and deletion rules regarding any personal information, including email addresses.

All requests must be accommodated

OpenVPN responds to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. To exercise your rights to delete your personal data under the GDPR, you can request account deactivation and deletion by contacting OpenVPN support.

GDPR allows you to withdraw consent at any time

If we have collected and processed your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal data conducted in reliance on lawful processing grounds other than consent.

GDPR compliance requires implementation of appropriate security measures

These include the obligation to implement appropriate security measures, according to the risk involved in the data processing operations they perform. Compliance also requires companies to notify customers and users of personal data breaches.

GDPR compliance requires ongoing evaluation

GDPR compliance requires periodic maintenance, meaning compliance is an ongoing practice.

Additional OpenVPN Security Measures

We keep your business safe so you can do the same for your customers. In addition to GDPR, OpenVPN is also HIPAA and SOC 2 compliant. OpenVPN also includes additional security measures, including:

Built on the OpenVPN Open Source Protocol

OpenVPN is built on the time-tested, secure OpenVPN open source protocol trusted by millions.

Encrypted Data

OpenVPN encrypts your data and requires that all employees use SSO.

Vulnerability Management

OpenVPN's vulnerability management program ensures the confidentiality, integrity, and availability (CIA) of the organization's information systems landscape, which includes all critical system resources.

Strict Hardening Settings

OpenVPN adopts its system hardening settings from the most restrictive baselines from Center for Internet Security (CIS), National Institute of Standards and Technology (NIST), and/or public CSP baseline configurations.

Third-party Validation

OpenVPN continually seeks third-party certification and validation of our security procedures.

Risk Assessments

OpenVPN has designed a risk assessment program to assess the organization's enterprise-level risk at least annually or upon significant changes to the environment.

Level Up Your Network Security with OpenVPN

OpenVPN CloudConnexa and Access Server include security features that help keep your customers' data safe.

Learn About CloudConnexa Learn About Access Server