<img alt="" src="https://secure.norm0care.com/164647.png" style="display:none;">
Breaking News: Onegini and iWelcome are now OneWelcome | READ PRESS RELEASE  

iWelcome & GDPR

Manage your customers' data compliant to GDPR with CIAM

What is GDPR and how does it relate to CIAM?

GDPR is short for General Data Protection Regulation. It's a European set of rules on data protection that entered into force in May 2018. The regulation gives citizens full control over their personal data and lets businesses benefit from trusted customer relations. The GDPR applies to organisations located within the EU, but also to organisations outside of the EU that offer goods or services to European citizens.

Right after the introduction the focus was on  the inventory of customer data. Remaining compliant requires an investment in a CIAM-platform. Constant control over customer data in a heterogenous landscape can only be implemented with a Single-Source-of-Truth with customer data and the lawful processing of it.

On this page, we demonstrate how CIAM is foundational to solve the key GDPR challenges.

Research: The state of GDPR in Europe and the U.S.

The GDPR does not just apply to organisations located within the EU, but also to organisations outside of the EU that offer goods or services to European citizens. This means that also outside of Europe, companies have been working on getting GDPR compliant. But there is still a lot of work to do.

We researched the GDPR-readiness of large organisations across Europe and the U.S - from a customer's perspective. 
The landscape of privacy regulations will remain interesting for many years to come, with new regulations being designed. A good example of a similar legislation is the California Consumer Privacy Act (CCPA) in California. We present you an overview of the most important differences. 

GDPR research - The state of GDPR in Europe

The State of GDPR in Europe

Q3-2018 - The post-deadline edition of our GDPR research. We have been testing GDPR requirements for some of the main consumer websites in Europe for the 5th time.

GDPR Research - the State of GDPR in the US

The State of GDPR in the US 

Q1-2019 - After the success of our European GDPR research (quoted in news papers and Gartner reports), iWelcome initiated comprehensive research to find out how US firms perform when it comes to consumer privacy.

GDPR vs CCPA blog

GDPR vs. CCPA: the 5 most important differences 

The CCPA was inspired by the GDPR. Here is our overview of the 5 most important differences, of the current state of the CCPA and the GDPR.

9 key criteria for GDPR & CIAM

Consent Lifecycle Management

iWelcome's fine-grained CIAM platform allows storage of consent that customers give for the use of their data, per attribute and purpose of use. 

Learn More →

Security by design

From the start, a service needs to be designed with security at top of mind. This includes security policies enforced on the whole service and the following of secure coding best practices.

Learn More →

Data retention policies

Besides specifying the period that personal data will be stored for in a privacy policy, you can also add this in a CIAM platform, so consumers are always aware.

Learn More →

Privacy by default

Any digital service needs to take privacy into account on all personal data, from the start of the service. Privacy of a data subject should always be the default option. 

Learn More →

Right to erasure

Any individual has the right to be forgotten without delay, provided data retention policies don't interfere. With CIAM this can be integrated with just one press of a button.

Learn More →

Data portability

Individuals have the right to transport their personal data from one organisation to the next. In CIAM you can add the option to download a machine-readable format of the personal data. 

Learn More →

Ability to withdraw

An individual has the right to withdraw consent on the use of certain attributes just as easily as it was given. CIAM allows consumers to manage their profiles including given consents.

Learn More →

Right of Access and Rectification

Allowing consumers to view and edit their personal data is one of the cornerstones for building trusted consumer relationships.

Learn More →


The individual needs to be sufficiently informed to ensure fair and transparent data processing. The information must be provided in a concise, transparent, intelligible, and easily accessible form.

Learn More →

GDPR Master Toolsets

Become an expert in GDPR - Download our toolset here in English, German or French

GDPR Toolset

GDPR Master Toolset

Downloading this toolset will bring you loads of useful information on GDPR, consent management and the role of IAM.

DSGVO Toolset

DSGVO Master Toolset (DE)

Mit diesem DSGVO Master-Toolset lernen Sie, wie Sie sich aus der Sicht von CIAM auf die DSGVO vorbereiten können.

RGPD Kit complet

Kit complet RGPD (FR)

Avec ce Kit complet RGPD d'iWelcome, vous découvrirez comment une solution de CIAM peut vous aider à vous préparer au RGPD.

GDPR Customer Journey Infographic

Infographic - The GDPR Customer Journey

Follow the customer journey of our petrol head Gustav, who subscribes online to get information about cars, engages with an online publisher and eventually buys car insurance through that publisher. On his journey, he'll encounter situations where GDPR is applicable. We explain how CIAM can help to be compliant in those situations.


How does your organisation score on GDPR?





Read more about GDPR and CIAM