<img alt="" src="https://secure.norm0care.com/164647.png" style="display:none;">

Solutions

Accelerate your digital business with frictionless, secure and privacy protected identity management for consumers, business customers and employees.

Full Solutions

Industries

Many organisations across various industries rely on iWelcome for serving their users with secure authentication and identity lifecycle management.

About us

Founded in 2011, Welcome is Europe's 'green' leader in IAM solutions, with an innovative approach to Consent Lifecycle Management and top-class private cloud technology.

Resources

We love to share knowledge and news on digital identities and iWelcome’s products. There is food for thought for everybody, from geeks to rookies. We appreciate your feedback!

CIAM will never be the same with GDPR - Part 1 of 9

Corné van Rooij
August 9, 2017 at 3:21 PM

Long time, Consumer Identity and Access Management (CIAM) was all about managing a user’s identity lifecycle, often an employee. Role-based access control (RBAC), identity governance, role mining and cross-domain Single Sign On were top of mind for every CIAM expert.  While this is not over and behind, we see a new topic that will shape the world of CIAM forever and this time, it comes out of Europe and is called GDPR.

Ever heard of GDPR?

The European Union General Data Protection Regulation took about 4 years of negotiation, is 200 pages long and entered into force April this year. It will be in full force 25th May 2018 for all EU countries, no ratification is needed. So you can’t get around it, and by the way, Brexit will not be finished so also UK citizens will be protected by this law.

Now you might say, so what, is this something new and does this have a relationship with CIAM? Yes, it does. And big time too! It will affect all business with civilians, consumers, individuals, that have a need for having or handling personal data. It’s all about how you gather, store, protect and life cycle that data... so it’s almost all about CIAM. And unless your e-business is not towards consumers nor do you have the need to know them, you will be affected by too many if not all of the aspects of this law.

25th May 2018, we have a lot of time...

Yes, you don’t need to be compliant with handling identity-related information till 25th May 2018. But you need to do a lot to get there and it’s not unrealistic to say you need at least a year to shape the CIAM around your companies e-Business to be compliant and don’t risk fines that can lead up to €20m or 4% of global annual turnover for the preceding financial year, whichever is the greater, being levied by data watchdogs. For other breaches, the authorities could impose fines on companies of up to €10m or 2% of global annual turnover, whichever is greater. 

In the next months, we will take one of the 8 topics below that need to be addressed with CIAM to be GDPR compliant. This law is for once not about ‘ticking the boxes’ but all about taking good care of your customer’s privacy, protect his/her personal data and be transparent on what you do with it and how you use it. If you do it right, they will love you for it and it will make your business more trustworthy. Never before, CIAM was on the COOL side of IT and closer to your company’s core business as ever.

In a series of 9 blogs, we will dive deeper into the specific parts of the GDPR and their effect on CIAM. 

  1. Why CIAM will never be the same with GDPR 
  2. Consent Management with GDPR in mind 
  3. Transparency and GDPR
  4. Strict regulation of automated individual decision making.
  5. What is sensitive personal data?
  6. Privacy by design: Data protection starts in the whiteboard phase
  7. Special rights for the individual like “right to be forgotten”
  8. Data breach communication.
  9. Children's privacy under GDPR.

Feel free to repost this blog on your website! But when you do so, please be so kind to mention the source and give us a notice via marketing@iwelcome.com.

You May Also Like

These Stories on GDPR

Subscribe by Email