
CIAM will never be the same with GDPR - Part 1 of 9

Corné van Rooij
August 9, 2017 at 3:21 PM

For a long time, Consumer Identity and Access Management (CIAM) was all about managing a user’s identity lifecycle, often an employee’s. Role-based access control (RBAC), identity governance, role mining and cross-domain Single Sign On were top of mind for every CIAM expert. While this is not over and behind us, we see a new topic that will shape the world of CIAM forever, and this time it comes out of Europe and is called GDPR.

It's time for GDPR!

The European Union General Data Protection Regulation took about 4 years of negotiation, is 200 pages long and entered into force in April this year. It will be in full force on 25th May 2018 for all EU countries; no ratification is needed. So you can’t get around it and, by the way, Brexit will not be finished, so UK citizens will also be protected by this law.


Now you might say: so what, is this something new, and does it have a relationship with CIAM? Yes, it does. And big time too! It will affect every business that deals with civilians, consumers or individuals and needs to hold or handle personal data. It’s all about how you gather, store, protect and manage the life cycle of that data... so it’s almost all about CIAM. And unless your e-business is not aimed at consumers and you have no need to know them, you will be affected by many if not all of the aspects of this law.

So, what needs to be done before GDPR?

Yes, you don’t need to be compliant with handling identity-related information until 25th May 2018. But you need to do a lot to get there, and it’s not unrealistic to say you need at least a year to shape the CIAM around your company’s e-business so that it is compliant and you don’t risk fines of up to €20m or 4% of global annual turnover for the preceding financial year, whichever is the greater, levied by data watchdogs. For other breaches, the authorities could impose fines on companies of up to €10m or 2% of global annual turnover, whichever is greater.

In the coming months, we will take up, one at a time, the 8 topics below that need to be addressed with CIAM to be GDPR compliant. For once, this law is not about ‘ticking the boxes’ but all about taking good care of your customer’s privacy, protecting his/her personal data and being transparent about what you do with it and how you use it. If you do it right, they will love you for it and it will make your business more trustworthy. Never before has CIAM been on the COOL side of IT and as close to your company’s core business as it is now.

In a series of 9 blogs, we will dive deeper into the specific parts of the GDPR and their effect on CIAM. 

  1. Why CIAM will never be the same with GDPR
  2. Consent Management with GDPR in mind
  3. Transparency and GDPR
  4. Strict regulation of automated individual decision making
  5. What is sensitive personal data?
  6. Privacy by design: Data protection starts in the whiteboard phase
  7. Special rights for the individual like “right to be forgotten”
  8. Data breach communication
  9. Children's privacy under GDPR

Feel free to repost this blog on your website! But when you do so, please be so kind as to mention the source and notify us via marketing@iwelcome.com.
