“The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years”.
Find out how cidaas can support your company to become GDPR-ready.
In April 2016, the GDPR was finally approved by the EU Parliament. On 25 May 2018, it will come into effect.
What you need to know:
The GDPR is the new uniform data protection regulation across the European Union. European law holds precedence over conflicting national laws.
The directive is binding in its entirety and directly applicable in all EU member states. Companies with customers based in the EU are therefore affected too.
The GDPR serves to strengthen the protection of personal data and the rights of data subjects.
The requirements set forth by the GDPR are strict. Violations are punished with high fines of up to 4 percent of the annual sales.
How Customer Identity Management can support the implementation of the GDPR:
1. Consent Management
The informational self-determination of every single individual forms the basis of the GDPR. Data processing is permitted as soon as the data subject gives unambiguous consent or a legal permission is granted (principle of prohibition).
Which legal requirements have to be met?
- Companies should collect the consent of the data subject at the start of data collection, e.g. during the registration process, or if the purpose of use changes (art. 6 (1) point (a) GDPR).
- The data subject can withdraw his or her consent. The withdrawal shall be as easy as giving consent (art. 7 (3) GDPR).
- The company must provide proof of consent on request (formal requirement, mandatory record) (art. 7 (1) GDPR).
Cidaas provides a built-in Consent Management feature, which allows companies to manage the consent of their customers in a GDPR-compliant Consent Management System.
2. User Self-Service
- According to art. 5 (1) point d), personal data needs to be kept accurate and up to date. With cidaas' User Self-Service, companies can hand control back to the users and ensure that the data is up to date.
- Under the GDPR, companies have a reinforced information obligation. A User Self-Service portal helps them comply with these obligations.
The GDPR requires the implementation of technical and organizational measures (TOM) to protect personal data. Cidaas provides high security with techniques like multi-factor authentication and biometric login methods (art. 32 GDPR).
4. User Management
The right of deletion is another part of the GDPR. Cidaas' User Management simplifies the management of customer profiles and, with that, fulfilling the requirement of deleting personal data on request (art. 13 GDPR).
5. A single identity across multiple platforms
Companies take a significant step toward GDPR compliance by having a single identity across all platforms, apps, etc. instead of multiple separate user profiles.
6. Role and Group Management
Cidaas guards personal data and protects it against unauthorized access. Moreover, cidaas continuously logs who accessed and edited which data. Thus, every entry, edit and deletion made on personal data is traceable (art. 5 (1) point f) GDPR).