IAM will never be the same with GDPR – Part 1 of 9

For a long time, Identity and Access Management (IAM) was all about managing a user’s identity lifecycle, often an employee’s. Role-based access control (RBAC), identity governance, role mining and cross-domain SSO were top of mind for every IAM expert. While none of this is over and behind us, we see a new topic that will shape the world of IAM forever. This time it comes out of Europe, and it is called GDPR.

Ever heard of GDPR?

The European Union General Data Protection Regulation. It took about 4 years of negotiation, is 200 pages long and entered into force in April this year. It will be in full force on 25th May 2018 for all EU countries; no ratification is needed. So you can’t get around it, and by the way, Brexit will not be finished, so UK citizens will also be protected by this law.

Now you might say: so what, is this something new, and does it have a relationship with IAM? Yes it does. And big time too! It will affect every business that deals with civilians, consumers and individuals and needs to hold or handle personal data. It’s all about how you gather, store, protect and life-cycle that data… so it’s almost all about IAM. And unless your e-business is not aimed at consumers and you have no need to know them, you will be affected by many if not all aspects of this law.

25th May 2018, we have a lot of time…

Yes, you don’t need to be compliant in handling identity-related information until 25th May 2018. But you need to do a lot to get there, and it’s not unrealistic to say you need at least a year to shape the IAM around your company’s e-business so that you are compliant and don’t risk a fine of 10 million euro. Did I already say that this is the minimum fine…

In the coming months, we will take in turn each of the 8 topics below that need to be addressed with IAM to be GDPR compliant. This law is for once not about ‘ticking the boxes’ but all about taking good care of your customers’ privacy, protecting their personal data and being transparent about what you do with it and how you use it. If you do it right, they will love you for it and it will make your business more trustworthy. Never before has IAM been so much on the COOL side of IT, or so close to your company’s core business.

In the next 8 blogs we will cover all the topics below in more detail to get you ready.

  1. Consent
  2. Transparency
  3. Profiling and automated decision taking
  4. Sensitive personal data and how to handle
  5. Privacy by Design & Data protection by Design
  6. Special rights for the individual like “right to be forgotten”
  7. Data breach communication
  8. Children

 

Corné van Rooijsso specialist

VP Product & Strategic Alliances at iWelcome

Corné has been working in the security market for more than 20 years, of which the last 15 years at two well-known identity management vendors.

 

Feel free to repost this blog on your website! But when you do so, please be so kind to mention the source and give us a notice via Sales@iWelcome.com
