Okta Demonstrates Commitment to Trust and the General Data Protection Regulation With EU Cloud Code of Conduct Adherence

Okta has obtained EU Cloud Code of Conduct (EU Cloud CoC) Level 2 Adherence. As the only pan-European code of conduct for cloud providers, the EU Cloud CoC received positive opinion from the European Data Protection Board (EDPB) and was subsequently approved by the Belgian Data Protection Authority in 2021. 

Designed specifically for B2B cloud service providers in their role as a processor, the EU Cloud CoC was established to harmonise compliance with the EU’s General Data Protection Regulation (GDPR) across the entire cloud industry and bring trust and transparency to organisations sourcing cloud services in Europe. The adherence demonstrates Okta’s commitment to maintaining rigorous data protection safeguards in line with its processor obligations pursuant to the GDPR. Our cloud services have achieved the second level of adherence. This designation has been supported through a rigorous review of Okta’s data protection and privacy measures, and Okta’s independent third-party certifications and audits.

At Okta, we are committed to striking the right balance between privacy and innovation, and most importantly, building trust with our customers. It’s vital that we demonstrate that we have taken every measure to secure and protect the data entrusted to us by our customers. 

The EU Cloud CoC joins a long list of standards Okta adheres to independently, including but not limited to ISO 27001:2013 certifications, as well as ISO 27018:2019 and ISO 27017 compliance, SOC 2 Type II, and CSA Star Level 2. 

Achieving the EU Cloud CoC is an important step toward delivering trusted and secure services to our customers in the EU. Okta has opened new offices in Barcelona, Dublin and Paris this year, strengthening our proximity to customers throughout the region. We are dedicated to efforts supporting an environment of trust and transparency in cloud computing in all regions where we do business. 

The EU Cloud CoC scope is now binding for the following Okta solutions, including:

Single Sign-On

Adaptive Multi-Factor Authentication

Universal Directory

Lifecycle Management

Advance Server Access

Identity Governance

Access Gateway


API Access Management

The adherence is explicitly described in our Data Processing Addendum (DPA), which customers and prospects can access via Okta's Trust & Compliance Portal.