Building a correct consumer identity and access management (CIAM) strategy is a real challenge and an integral cornerstone of any digital transformation process. CIAM mainly focuses on connecting consumers, managing and securing consumer data, and analyzing identity behaviors to provide a more engaged customer experience. GDPR is a real challenge and force business to rethink and redefine their CIAM strategies. This session will mainly focus on discussing the key challenges in building the GDPR complaint CIAM strategy and best practices. It will cover the following areas: The role of a CIAM strategy in digital transformation Connecting with consumers through self-service registration and social registration Consumer identification and verifications GDPR impact on CIAM strategy Roadmap for GDPR compliance

1. Director, WSO2
GDPR impact on Consumer Identity and
Access Management (CIAM)
Sagara Gunathunga

2. Digital Transformation
will decide and shape
the destiny of your business

3. Digital Transformation
is no longer a nice to
have or a differentiator,
it’s about the survival
of your business
Is it the Right Time to Think?
A nice to have
A differentiator
For survival

4. Is it Real?
Look Around You!

5. Is it Real?

6. • Sales increasingly based on real user reviews and
ratings than traditional marketing
• Physical stores replaced with digital channels (web
stores, mobile apps, IVR solutions)
• Fast consumer response time and convenience
means connectivity (e.g. Facebook, Twitter,
WhatsApp)
Digitize Delivery Channels

7. Generic user experiences don’t
work, consumers now expect
– A highly personalized
experience
– Control over preferences
– Relativeness of content
Personalized User Experience

8. Knowing Your Customer is
Key!

9. Personalized
experience
What Does
CIAM Offer?
CIAM
Connect with
consumers
Consumer data protection

10. What Does CIAM Offer?
Bring Your Own Identity (BYOI)
Minimizes registration fatigue
by providing wide range of
options for consumer on-
boarding through trusted
social identity providers, such
FB, Twitter, Google

11. Bring Your Own Identity (BYOI)
New to Hi!
Sign Up
Welcome
Sagara

12. Consumer Authentication
• Social logins eliminate password management
complexities from consumer and business side
• Out-of-the-box support for strong authentication
options, such as two-factor authentication
• Risk-based adaptive authentication options
What Does CIAM Offer?

13. Social Logins
New to Hi!
Sign Up
Welcome
Sagara

14. Two-Factor Authentication
STEP 1
STEP 2
Welcome
Sagara

15. What Does CIAM Offer?
Single sign-on (SSO)
• Social logins eliminate
password management
complexities from
consumer and business
side
• Out-of-the-box support
for strong authentication
options, such as 2-factor
authentication
Welcome
Welcome

16. What Does CIAM Offer?
Progressive profiling
The process of how the
system learns about a
customer in a progressive
manner

18. • Regulation implemented in EU and goes in
effect May 2018
• Personal data processing organizations
established in EU, and organizations outside
EU that process personal data from individuals
in EU need to comply
• Up to 4% of revenue penalties for violations
GDPR

19. • Recognizes protection of personal data and
control over processing of personal data as a
fundamental right of an individual
• Provides processing organizations certainty on
personal data processing
• Wider definition for personal data as
personally identifiable information (PII)
GDPR

20. • Consent lifecycle management
– User onboarding based on active consent
– Ability to review given consent and revocation
– Ability to demonstrate proof of consent
– Consent per purpose
– Consent design
GDPR Impact on CIAM

21. Consent Lifecycle Management
Welcome
Sagara
New to Hi!
Sign Up

22. • CIAM solutions should
provide a self-care
portal for consumers
– Review already given
consent
– Revoke given consent
Consent Lifecycle Management

23. Consent Design
• Consents from a CIAM solution should meet design
consideration mandate by the GDPR
– Informed
– Active opt-in
– Unbundled
– Named
– Easy to Withdraw
– Granular
– Considerations for children's consent

24. GDPR Impact on CIAM
• A CIAM solution
should address
– Privacy by design
– Privacy by default

25. A CIAM solution
should facilitate
implementation
of consumer
rights
GDPR Impact on CIAM
The right of transparency
and modalities
The right to be informed
The right of access
The right to notification
obligation
The right to rectification
Rights in relation to
automated decision making
and profiling
The right to data
portability
The right to object
The right to restrict processing
The right to be forgotten

26. • Self-care portal is an ideal
solution to implement
consumer rights
– Review user profiles
– Alteration of user profiles
– Deletion for user profiles
– Keep user profile up-to-
date
– Support user profile
portability
GDPR Impact on CIAM

27. • Digital transformation is critical for business survival
• GDPR enhances consumer privacy, poses new
challenges for organizations
• A proper CIAM tool can help you win the digital
transformation battle in a GDPR compliant manner
Conclusion

28. wso2.com