General Data Protection Regulation

What is the General Data Protection Regulation (GDPR)?

Every business that operates within the European Union (EU) must meet new data protection rules or face heavy fines (up to EUR20 million or 4% of annual turnover). Compliance with these regulations requires precise knowledge of the data you store and process, along with the correct data management policy across your business. It is imperative that any organization working within the EU is able to meet the regulation by May 2018.

Consumers will have more control and privacy over their data.

The GDPR is a win for consumers. It will now be easier than ever for consumers to have access to the Personally Identifiable Information (PII) they share, how it is shared, and whether or not they want to continue to share it. The GDPR requires that companies provide all details regarding the use of their information back to consumers upon request at no cost. Consumers must then have the ability to request that their information be deleted by companies that they no longer want to share with. Companies are also required to format data so that consumer PII can be managed easily.

“I’m a Chief Information Security Officer (CISO) and I’m not sure where to start. How do I comply?”

With the increased requirements to provide additional layers of security and privacy, it is the CISO's job to execute a plan that covers all the requirements of the GDPR. According to ServiceNow's study, which surveyed over 300 CISOs, “CISOs in Europe are betting on automation, and the pace of automation is quickening: Just under one-third of respondents in Europe (31%) automate more than 40% of their security processes today, while more than two thirds (72%) plan to automate that amount in three years.” With this trend towards automation, CISOs must look towards innovative companies which provide GDPR compliance with easy-to-use, automated solutions.

Keep consumers coming back.

By staying compliant, companies not only avoid fines, but become trusted leaders to their customers. This trust enhances the company brand and keeps consumers coming back. Every company should strive to be associated with security and compliance for the overall impact of positive branding and consumer trust. Put yourself in the customers’ shoes. Would you trust a company with your sensitive information if they had little to no security measures in place and weren’t up to regulation?

Benefits for businesses.

While many businesses are scrambling to ensure compliance, there are huge benefits to supporting these regulations.

  1. Enhanced security and privacy will increase consumer trust and improve enterprise brands
  2. Enterprises will differentiate user-centric service offerings to drive user adoption
  3. Enterprises will minimize risks of data breaches that negatively impact enterprise value

CISOs, fear no more.

With the ID DataWeb Attribute Exchange Network (AXN™), GDPR compliance is available in one easy-to-implement solution. The AXN™ obtains, logs, and manages each authentication and attribute verification transaction with explicit user consent. The AXN™ enhances user privacy and control over verified user attributes without creating a centralized data store of user attributes on the AXN™. The individual user’s PII is not stored at the AXN™. It is stored in an encrypted Personal Data Store (PDS) at a secure online location and under direct user access control via the AXN™ User Management Console. These services enable the user to manage the ongoing sharing of their data with each online service in compliance with the GDPR.

Throughout the identity ecosystem, users will leverage credentials issued and managed by their trusted identity providers (such as Microsoft, LinkedIn, and enterprise credentials) to enable single sign-on and to minimize password use. To create new accounts, users input their attributes via the AXN™ capture screen, opt in to have those attributes verified by the appropriate attribute provider services, and opt in to have their attributes and verification claims shared with chosen services and sites. After completing the first verification flow via the AXN™, users can re-use verified attributes from their PDS to create new online accounts and access additional web services. This feature minimizes the user friction of re-typing required PII and promotes user adoption. User data is protected, precise knowledge of the data stored and processed is readily available, and user experience and trust are greatly enhanced.

Through our AXN™ solution, the way to comply with the GDPR is simple and cost-efficient. The deadline for GDPR adoption is May 25, 2018. At that time, the GDPR will become fully enforceable throughout the EU. Are you ready?