SlideShare a Scribd company logo

The Role of GDPR in Customer Identity and Access Management

WSO2
WSO2

The General Data Protection Regulation (GDPR) makes businesses rethink and redefine their CIAM strategies. This slide deck focuses on discussing the key challenges and best practices when building a GDPR compliant CIAM strategy.

Technology
1 of 49
Download to read offline
THE ROLE OF GDPR IN CUSTOMER IDENTITY AND ACCESS MANAGEMENT Rushmin Fernando Technical Lead, WSO2
2 Mountain View, Colombo, New York, London, Sao Paolo, Sydney Founded in 2005 Venture backed by Cisco and Toba Capital 500 Employees; 300 Engineers 450+ Customers, 170+ New Customers in 2017 Profitable About Us 2
Introduction to GDPR 3 GDPR in a Nutshell
4 GDPR is a new regulation which controls the way organizations collect and use their customers’ personal data
Introduction to GDPR 5 CIAM in a Nutshell
6 CIAM is about managing customer identity and customer profiling
7 Customers’ personal data What’s in Common?
Introduction to GDPR 8 CIAM Explained
The evolution of digital transformation brought CIAM into existence 9 How Did it Start?
10 Digital Transformation ● Organizations allowing their customers to consume the services or goods using digital technologies ● In the beginning it was a nice to have feature ● Then it became a differentiator ● Now it is a survival factor for some businesses
12 Customers like it, when the vendors recognize them and remember their buying patterns.
By asking the customers to tell who they are (authenticate)and collecting their usage data 13 How is this Done in the Online World ?
14 Implementing the Solution One option is to build in-house Username Password Database Credentials Credentials Usage data
15 There are IAM tools available! But Why Reinvent the Wheel?
16 Nature of Traditional IAM Tools ● Traditional IAM tools are designed to be used inside organizations ● They don’t need to have intuitive UX ● They don’t need to handle huge number of users ● They don’t need to have strong authentication since the systems are not exposed externally
17 Customers Expect... To use their social logins
18 Customers Expect... Multi-factor authentication (MFA) OR
19 Customers Expect... ● To avoid re-login when using different portals from the same organization (Single Sign-On) ● Intuitive UX ● Omnichannel access
20 CIAM tools What Would Bridge the Gap?
Introduction to GDPR 21 GDPR Explained
GDPR - A Bird's Eye View 22 What is GDPR Objectives of GDPR Impact of GDPR Privacy Principle Individual Rights Consent Management
23 What is GDPR? ● GDPR is a new legal framework formalized in the European Union (EU) in 2016, which effectively replaces the previously used Data Protection Directive (DPD) ● GDPR will come into effect on May 25, 2018 ● GDPR is applicable for any data processing organization that processes personal data or monitors behavior of individuals residing in the EU
24 Objectives of GDPR ● Recognizes protection of personal data and control over processing of personal data as a fundamental right of an individual ● Broadens the scope of personal data as Personally Identifiable Information (PII) ● Free movement of personal data within the EU ● Provides business organizations certainty on personal data processing activities
Impact of GDPR ● Any business that delivers goods or provides services to individuals living in the EU is affected, regardless of whether the business is established in the EU ● Personal data processing organizations that cannot demonstrate GDPR compliance will be subjected to financial penalties up to 4% of their annual turnover, or €20 million 25
Storage Limitations Integrity & Confidentiality Accountability Lawfulness, Fairness & Transparency Purpose Limitation Data Minimization Accuracy Privacy Principles 26
5 3 Comply with requests not to automate decision making using personal data Right to restrict processing6 7 8 Individual Rights 9 Allow individual’s data to be stored but not processed. Provide transparency over how personal data is collected, stored, managed, protected, and processed Right to be informed1 Right to stop processing Provide copies of all stored data in a portable format Right to data portability Honor requests not to process an individual’s data for specific purposes Right to access2 Provide individual’s access to their data and explain how they-and any supplemental data-are used 4 Correct any personal data if incomplete or inaccurate Right to correction Remove personal data on request when there is no compelling reason to keep it Right to be deleted Reject automated decisions
Consent ‘Consent’ from the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. - Article 4(11) 28
29 Consent Management ● Consent is one of the six lawful basis of personal data processing as defined by GDPR ● It is the most common lawful basis for commercial businesses ● All personal data processing activities including collection, storage, and sharing need to be based on explicit and active consent from an individual ● Organizations must support complete consent lifecycle management to ensure that individuals can review and revoke consent given at any point
Key Concepts of GDPR Processor A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Controller A natural or legal person, public authority, agency or other body, which alone or jointly with others, determines the purposes and means of processing personal data. 30
31 Key Concepts of GDPR ● Data subject. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person ● Supervisory authority. An independent public authority which is established by a Member State
Key Concepts of GDPR ● Pseudonymisation. - Data management procedure by which personally identifiable information fields within a data record are replaced by one or more artificial identifiers, or pseudonyms ● Personal data breach. A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data ● Data protection officers are responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements 32
33 Successful GDPR Compliance Strategy
Introduction to GDPR A CIAM Tool Can Help
35 ● Customer identities are managed centrally ● Therefore the customer rights such as ‘Right to data portability’ and ‘Right to data portability’ can be served from a single place How Would a CIAM Tool Help?
Introduction to GDPRA Good CIAM Tool Can Help Even More
37 ● Customer consent management ● Privacy by design and privacy by default ● User rights In Three Aspects
38 Consent Management ● Customer consent plays a major role in GDPR ● There are requirement related to consent management − Consent design − User onboarding based on active consent − Ability to review given consent and revocation − Ability to demonstrate proof of consent − Consent per purpose
39 Consent Management Consents request from a CIAM solution should meet design consideration mandate by the GDPR − Informed − Active opt-in − Unbundled − Named − Easy to Withdraw − Granular − Considerations for children's consent
40 Consent Management User onboarding based on active consent
41 Consent Management Consent per purpose I would like to receive emails about special offers I would like to receive SMS messages about special offers
42 Consent Management Ability to review given consent and revocation
43 Consent Management Ability to demonstrate proof of consent − Consent receipt specification
44 Privacy by Design and by Default ● Privacy by design allows a CIAM tool to easily battle against new security challenges in a timely manner without degrading the quality of the product. ● Privacy by default helps organizations to guarantee customer privacy without much effort. A CIAM tool can make sure that all the crypto algorithms are up-to-date.
45 Customer Rights Via the User Portal ● Right to access ● Right to reject automated decisions ● Right to correction ● Right to be deleted ● Right to restrict processing ● Right to data portability ● Right to stop processing
Conclusion
● Customer profiling is the key for an organization’s digital transformation journey ● GDPR is a regulation which enhances customer privacy ● Therefore organizations face new challenges with customer profiling ● A proper CIAM tool can help you win the digital transformation battle in a GDPR compliant manner Conclusion 47
Q&A
THANK YOU wso2.com

Recommended

GDPR and API Security
GDPR and API SecurityGDPR and API Security
GDPR and API SecurityWSO2
 
GDPR Compliance with WSO2 Identity Server
GDPR Compliance with WSO2 Identity ServerGDPR Compliance with WSO2 Identity Server
GDPR Compliance with WSO2 Identity ServerWSO2
 
Impact of GDPR on User Experience
Impact of GDPR on User ExperienceImpact of GDPR on User Experience
Impact of GDPR on User ExperienceWSO2
 
The Right Steps to Becoming GDPR Compliant
The Right Steps to Becoming GDPR CompliantThe Right Steps to Becoming GDPR Compliant
The Right Steps to Becoming GDPR CompliantWSO2
 
Accelerating Your GDPR Compliance with the WSO2 Platform
Accelerating Your GDPR Compliance with the WSO2 PlatformAccelerating Your GDPR Compliance with the WSO2 Platform
Accelerating Your GDPR Compliance with the WSO2 PlatformWSO2
 
Simple GDPR Overview
Simple GDPR OverviewSimple GDPR Overview
Simple GDPR OverviewGydeline Ltd
 
BigID GDPR Compliance Automation Webinar Slides
BigID GDPR Compliance Automation Webinar SlidesBigID GDPR Compliance Automation Webinar Slides
BigID GDPR Compliance Automation Webinar SlidesDimitri Sirota
 
GDPR changes affect direct marketing
GDPR changes affect direct marketingGDPR changes affect direct marketing
GDPR changes affect direct marketingSpotler
 

Recommended

GDPR and API Security
GDPR and API SecurityGDPR and API Security
GDPR and API SecurityWSO2
 
GDPR Compliance with WSO2 Identity Server
GDPR Compliance with WSO2 Identity ServerGDPR Compliance with WSO2 Identity Server
GDPR Compliance with WSO2 Identity ServerWSO2
 
Impact of GDPR on User Experience
Impact of GDPR on User ExperienceImpact of GDPR on User Experience
Impact of GDPR on User ExperienceWSO2
 
The Right Steps to Becoming GDPR Compliant
The Right Steps to Becoming GDPR CompliantThe Right Steps to Becoming GDPR Compliant
The Right Steps to Becoming GDPR CompliantWSO2
 
Accelerating Your GDPR Compliance with the WSO2 Platform
Accelerating Your GDPR Compliance with the WSO2 PlatformAccelerating Your GDPR Compliance with the WSO2 Platform
Accelerating Your GDPR Compliance with the WSO2 PlatformWSO2
 
Simple GDPR Overview
Simple GDPR OverviewSimple GDPR Overview
Simple GDPR OverviewGydeline Ltd
 
BigID GDPR Compliance Automation Webinar Slides
BigID GDPR Compliance Automation Webinar SlidesBigID GDPR Compliance Automation Webinar Slides
BigID GDPR Compliance Automation Webinar SlidesDimitri Sirota
 
GDPR changes affect direct marketing
GDPR changes affect direct marketingGDPR changes affect direct marketing
GDPR changes affect direct marketingSpotler
 
DPOs in the public sector, May 2018, London
DPOs in the public sector, May 2018, LondonDPOs in the public sector, May 2018, London
DPOs in the public sector, May 2018, LondonBrowne Jacobson LLP
 
GDPR for public sector DPO's seminar, April 2018, Manchester
GDPR for public sector DPO's seminar, April 2018, ManchesterGDPR for public sector DPO's seminar, April 2018, Manchester
GDPR for public sector DPO's seminar, April 2018, ManchesterBrowne Jacobson LLP
 
GDPR Overview
GDPR OverviewGDPR Overview
GDPR OverviewTrish McGinity, CCSK
 
BigID's Smart Data Labeling and Tagging
BigID's Smart Data Labeling and TaggingBigID's Smart Data Labeling and Tagging
BigID's Smart Data Labeling and TaggingDimitri Sirota
 
GDPR: Your Journey to Compliance
GDPR: Your Journey to ComplianceGDPR: Your Journey to Compliance
GDPR: Your Journey to ComplianceCobweb
 
Why We Require GDPR?
Why We Require GDPR?Why We Require GDPR?
Why We Require GDPR?Jatin Kochhar
 
Marketing under the GDPR: What You Can and Cannot Do [Webinar Slides]
Marketing under the GDPR: What You Can and Cannot Do [Webinar Slides]Marketing under the GDPR: What You Can and Cannot Do [Webinar Slides]
Marketing under the GDPR: What You Can and Cannot Do [Webinar Slides]TrustArc
 
Geek Sync | Tackling Key GDPR Challenges with Data Modeling and Governance
Geek Sync | Tackling Key GDPR Challenges with Data Modeling and GovernanceGeek Sync | Tackling Key GDPR Challenges with Data Modeling and Governance
Geek Sync | Tackling Key GDPR Challenges with Data Modeling and GovernanceIDERA Software
 
General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection RegulationGrittyCC
 
Niall Rooney FD Event 05.09.19
Niall Rooney FD Event 05.09.19Niall Rooney FD Event 05.09.19
Niall Rooney FD Event 05.09.19Niall Rooney
 
UX & GDPR - Building Customer Trust with your Digital Experiences
UX & GDPR - Building Customer Trust with your Digital ExperiencesUX & GDPR - Building Customer Trust with your Digital Experiences
UX & GDPR - Building Customer Trust with your Digital ExperiencesUser Vision
 
Beginning your General Data Protection Regulation (GDPR) Journey
Beginning your General Data Protection Regulation (GDPR) JourneyBeginning your General Data Protection Regulation (GDPR) Journey
Beginning your General Data Protection Regulation (GDPR) JourneyMicrosoft Österreich
 
BigID Data sheet: Consent Governance & Orchestration
BigID Data sheet: Consent Governance & OrchestrationBigID Data sheet: Consent Governance & Orchestration
BigID Data sheet: Consent Governance & OrchestrationBigID Inc
 
GDPR and ISO27001 mapping EL
GDPR and ISO27001 mapping ELGDPR and ISO27001 mapping EL
GDPR and ISO27001 mapping ELEugene Lee
 
EU data protection and security update COCIR annual meeting 2016
EU data protection and security update COCIR annual meeting 2016EU data protection and security update COCIR annual meeting 2016
EU data protection and security update COCIR annual meeting 2016Erik Vollebregt
 
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...BigID Inc
 
Ensuring GDPR Compliance - A Zymplify Guide
Ensuring GDPR Compliance - A Zymplify GuideEnsuring GDPR Compliance - A Zymplify Guide
Ensuring GDPR Compliance - A Zymplify GuideZymplify
 
GDPR Data Life Cycle
GDPR Data Life CycleGDPR Data Life Cycle
GDPR Data Life CycleJatin Kochhar
 
Quick Introduction to the EU GDPR by Sami Zahran
Quick Introduction to the EU GDPR by Sami ZahranQuick Introduction to the EU GDPR by Sami Zahran
Quick Introduction to the EU GDPR by Sami ZahranDr. Sami Zahran
 
BigID Data Sheet: GDPR Compliance
BigID Data Sheet: GDPR ComplianceBigID Data Sheet: GDPR Compliance
BigID Data Sheet: GDPR ComplianceBigID Inc
 
A Brief Overview on GDPR
A Brief Overview on GDPRA Brief Overview on GDPR
A Brief Overview on GDPRNeha Patel
 
GDPR - what you need to know
GDPR - what you need to know GDPR - what you need to know
GDPR - what you need to know Maddie Malling-May
 

More Related Content

What's hot

DPOs in the public sector, May 2018, London
DPOs in the public sector, May 2018, LondonDPOs in the public sector, May 2018, London
DPOs in the public sector, May 2018, LondonBrowne Jacobson LLP
 
GDPR for public sector DPO's seminar, April 2018, Manchester
GDPR for public sector DPO's seminar, April 2018, ManchesterGDPR for public sector DPO's seminar, April 2018, Manchester
GDPR for public sector DPO's seminar, April 2018, ManchesterBrowne Jacobson LLP
 
BigID's Smart Data Labeling and Tagging
BigID's Smart Data Labeling and TaggingBigID's Smart Data Labeling and Tagging
BigID's Smart Data Labeling and TaggingDimitri Sirota
 
GDPR: Your Journey to Compliance
GDPR: Your Journey to ComplianceGDPR: Your Journey to Compliance
GDPR: Your Journey to ComplianceCobweb
 
Why We Require GDPR?
Why We Require GDPR?Why We Require GDPR?
Why We Require GDPR?Jatin Kochhar
 
Marketing under the GDPR: What You Can and Cannot Do [Webinar Slides]
Marketing under the GDPR: What You Can and Cannot Do [Webinar Slides]Marketing under the GDPR: What You Can and Cannot Do [Webinar Slides]
Marketing under the GDPR: What You Can and Cannot Do [Webinar Slides]TrustArc
 
Geek Sync | Tackling Key GDPR Challenges with Data Modeling and Governance
Geek Sync | Tackling Key GDPR Challenges with Data Modeling and GovernanceGeek Sync | Tackling Key GDPR Challenges with Data Modeling and Governance
Geek Sync | Tackling Key GDPR Challenges with Data Modeling and GovernanceIDERA Software
 
General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection RegulationGrittyCC
 
Niall Rooney FD Event 05.09.19
Niall Rooney FD Event 05.09.19Niall Rooney FD Event 05.09.19
Niall Rooney FD Event 05.09.19Niall Rooney
 
UX & GDPR - Building Customer Trust with your Digital Experiences
UX & GDPR - Building Customer Trust with your Digital ExperiencesUX & GDPR - Building Customer Trust with your Digital Experiences
UX & GDPR - Building Customer Trust with your Digital ExperiencesUser Vision
 
Beginning your General Data Protection Regulation (GDPR) Journey
Beginning your General Data Protection Regulation (GDPR) JourneyBeginning your General Data Protection Regulation (GDPR) Journey
Beginning your General Data Protection Regulation (GDPR) JourneyMicrosoft Österreich
 
BigID Data sheet: Consent Governance & Orchestration
BigID Data sheet: Consent Governance & OrchestrationBigID Data sheet: Consent Governance & Orchestration
BigID Data sheet: Consent Governance & OrchestrationBigID Inc
 
GDPR and ISO27001 mapping EL
GDPR and ISO27001 mapping ELGDPR and ISO27001 mapping EL
GDPR and ISO27001 mapping ELEugene Lee
 
EU data protection and security update COCIR annual meeting 2016
EU data protection and security update COCIR annual meeting 2016EU data protection and security update COCIR annual meeting 2016
EU data protection and security update COCIR annual meeting 2016Erik Vollebregt
 
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...BigID Inc
 
Ensuring GDPR Compliance - A Zymplify Guide
Ensuring GDPR Compliance - A Zymplify GuideEnsuring GDPR Compliance - A Zymplify Guide
Ensuring GDPR Compliance - A Zymplify GuideZymplify
 
GDPR Data Life Cycle
GDPR Data Life CycleGDPR Data Life Cycle
GDPR Data Life CycleJatin Kochhar
 
Quick Introduction to the EU GDPR by Sami Zahran
Quick Introduction to the EU GDPR by Sami ZahranQuick Introduction to the EU GDPR by Sami Zahran
Quick Introduction to the EU GDPR by Sami ZahranDr. Sami Zahran
 
BigID Data Sheet: GDPR Compliance
BigID Data Sheet: GDPR ComplianceBigID Data Sheet: GDPR Compliance
BigID Data Sheet: GDPR ComplianceBigID Inc
 

What's hot (20)

DPOs in the public sector, May 2018, London
DPOs in the public sector, May 2018, LondonDPOs in the public sector, May 2018, London
DPOs in the public sector, May 2018, London
 
GDPR for public sector DPO's seminar, April 2018, Manchester
GDPR for public sector DPO's seminar, April 2018, ManchesterGDPR for public sector DPO's seminar, April 2018, Manchester
GDPR for public sector DPO's seminar, April 2018, Manchester
 
GDPR Overview
GDPR OverviewGDPR Overview
GDPR Overview
 
BigID's Smart Data Labeling and Tagging
BigID's Smart Data Labeling and TaggingBigID's Smart Data Labeling and Tagging
BigID's Smart Data Labeling and Tagging
 
GDPR: Your Journey to Compliance
GDPR: Your Journey to ComplianceGDPR: Your Journey to Compliance
GDPR: Your Journey to Compliance
 
Why We Require GDPR?
Why We Require GDPR?Why We Require GDPR?
Why We Require GDPR?
 
Marketing under the GDPR: What You Can and Cannot Do [Webinar Slides]
Marketing under the GDPR: What You Can and Cannot Do [Webinar Slides]Marketing under the GDPR: What You Can and Cannot Do [Webinar Slides]
Marketing under the GDPR: What You Can and Cannot Do [Webinar Slides]
 
Geek Sync | Tackling Key GDPR Challenges with Data Modeling and Governance
Geek Sync | Tackling Key GDPR Challenges with Data Modeling and GovernanceGeek Sync | Tackling Key GDPR Challenges with Data Modeling and Governance
Geek Sync | Tackling Key GDPR Challenges with Data Modeling and Governance
 
General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection Regulation
 
Niall Rooney FD Event 05.09.19
Niall Rooney FD Event 05.09.19Niall Rooney FD Event 05.09.19
Niall Rooney FD Event 05.09.19
 
UX & GDPR - Building Customer Trust with your Digital Experiences
UX & GDPR - Building Customer Trust with your Digital ExperiencesUX & GDPR - Building Customer Trust with your Digital Experiences
UX & GDPR - Building Customer Trust with your Digital Experiences
 
Beginning your General Data Protection Regulation (GDPR) Journey
Beginning your General Data Protection Regulation (GDPR) JourneyBeginning your General Data Protection Regulation (GDPR) Journey
Beginning your General Data Protection Regulation (GDPR) Journey
 
BigID Data sheet: Consent Governance & Orchestration
BigID Data sheet: Consent Governance & OrchestrationBigID Data sheet: Consent Governance & Orchestration
BigID Data sheet: Consent Governance & Orchestration
 
GDPR and ISO27001 mapping EL
GDPR and ISO27001 mapping ELGDPR and ISO27001 mapping EL
GDPR and ISO27001 mapping EL
 
EU data protection and security update COCIR annual meeting 2016
EU data protection and security update COCIR annual meeting 2016EU data protection and security update COCIR annual meeting 2016
EU data protection and security update COCIR annual meeting 2016
 
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...
 
Ensuring GDPR Compliance - A Zymplify Guide
Ensuring GDPR Compliance - A Zymplify GuideEnsuring GDPR Compliance - A Zymplify Guide
Ensuring GDPR Compliance - A Zymplify Guide
 
GDPR Data Life Cycle
GDPR Data Life CycleGDPR Data Life Cycle
GDPR Data Life Cycle
 
Quick Introduction to the EU GDPR by Sami Zahran
Quick Introduction to the EU GDPR by Sami ZahranQuick Introduction to the EU GDPR by Sami Zahran
Quick Introduction to the EU GDPR by Sami Zahran
 
BigID Data Sheet: GDPR Compliance
BigID Data Sheet: GDPR ComplianceBigID Data Sheet: GDPR Compliance
BigID Data Sheet: GDPR Compliance
 

Similar to The Role of GDPR in Customer Identity and Access Management

A Brief Overview on GDPR
A Brief Overview on GDPRA Brief Overview on GDPR
A Brief Overview on GDPRNeha Patel
 
GDPR Changing Mindset
GDPR Changing MindsetGDPR Changing Mindset
GDPR Changing MindsetNetworkIQ
 
GDPR is Coming, Five Things You Can Do Now To Prepare
GDPR is Coming, Five Things You Can Do Now To PrepareGDPR is Coming, Five Things You Can Do Now To Prepare
GDPR is Coming, Five Things You Can Do Now To PrepareWinston & Strawn LLP
 
GDPR & the Travel Industry: Practical recommendations for holiday rental owners
GDPR & the Travel Industry: Practical recommendations for holiday rental ownersGDPR & the Travel Industry: Practical recommendations for holiday rental owners
GDPR & the Travel Industry: Practical recommendations for holiday rental ownersSpain-Holiday.com
 
UX & GDPR - Building Customer Trust with your Digital Experiences
UX & GDPR - Building Customer Trust with your Digital ExperiencesUX & GDPR - Building Customer Trust with your Digital Experiences
UX & GDPR - Building Customer Trust with your Digital ExperiencesStephen Denning
 
What's Next - General Data Protection Regulation (GDPR) Changes
What's Next - General Data Protection Regulation (GDPR) ChangesWhat's Next - General Data Protection Regulation (GDPR) Changes
What's Next - General Data Protection Regulation (GDPR) ChangesOgilvy Consulting
 
Opportunity or burden
Opportunity or burdenOpportunity or burden
Opportunity or burdenIRIS
 
Why GDPR Must Be an Integral Part of Your GRC Framework
Why GDPR Must Be an Integral Part of Your GRC FrameworkWhy GDPR Must Be an Integral Part of Your GRC Framework
Why GDPR Must Be an Integral Part of Your GRC FrameworkPECB
 
An Overview of GDPR by Pathway Group
An Overview of GDPR by Pathway GroupAn Overview of GDPR by Pathway Group
An Overview of GDPR by Pathway GroupThe Pathway Group
 
How the EU-GDPR May Affect Your Website
How the EU-GDPR May Affect Your WebsiteHow the EU-GDPR May Affect Your Website
How the EU-GDPR May Affect Your WebsiteSilverTech
 
Understanding & Working with the GDPR
Understanding & Working with the GDPRUnderstanding & Working with the GDPR
Understanding & Working with the GDPRMarketo
 
Are you GDPR Ready? Checklist Whitepaper
Are you GDPR Ready? Checklist WhitepaperAre you GDPR Ready? Checklist Whitepaper
Are you GDPR Ready? Checklist WhitepaperServersys
 

Similar to The Role of GDPR in Customer Identity and Access Management (20)

A Brief Overview on GDPR
A Brief Overview on GDPRA Brief Overview on GDPR
A Brief Overview on GDPR
 
GDPR - what you need to know
GDPR - what you need to know GDPR - what you need to know
GDPR - what you need to know
 
Gdpr presentation
Gdpr presentationGdpr presentation
Gdpr presentation
 
GDPR: What does it mean for your business?
GDPR: What does it mean for your business?GDPR: What does it mean for your business?
GDPR: What does it mean for your business?
 
GDPR Changing Mindset
GDPR Changing MindsetGDPR Changing Mindset
GDPR Changing Mindset
 
GDPR is Coming, Five Things You Can Do Now To Prepare
GDPR is Coming, Five Things You Can Do Now To PrepareGDPR is Coming, Five Things You Can Do Now To Prepare
GDPR is Coming, Five Things You Can Do Now To Prepare
 
GDPR & the Travel Industry: Practical recommendations for holiday rental owners
GDPR & the Travel Industry: Practical recommendations for holiday rental ownersGDPR & the Travel Industry: Practical recommendations for holiday rental owners
GDPR & the Travel Industry: Practical recommendations for holiday rental owners
 
UX & GDPR - Building Customer Trust with your Digital Experiences
UX & GDPR - Building Customer Trust with your Digital ExperiencesUX & GDPR - Building Customer Trust with your Digital Experiences
UX & GDPR - Building Customer Trust with your Digital Experiences
 
What's Next - General Data Protection Regulation (GDPR) Changes
What's Next - General Data Protection Regulation (GDPR) ChangesWhat's Next - General Data Protection Regulation (GDPR) Changes
What's Next - General Data Protection Regulation (GDPR) Changes
 
Opportunity or burden
Opportunity or burdenOpportunity or burden
Opportunity or burden
 
GDPR for your Payroll Bureau
GDPR for your Payroll BureauGDPR for your Payroll Bureau
GDPR for your Payroll Bureau
 
Why GDPR Must Be an Integral Part of Your GRC Framework
Why GDPR Must Be an Integral Part of Your GRC FrameworkWhy GDPR Must Be an Integral Part of Your GRC Framework
Why GDPR Must Be an Integral Part of Your GRC Framework
 
An Overview of GDPR
An Overview of GDPR An Overview of GDPR
An Overview of GDPR
 
An Overview of GDPR by Pathway Group
An Overview of GDPR by Pathway GroupAn Overview of GDPR by Pathway Group
An Overview of GDPR by Pathway Group
 
How the EU-GDPR May Affect Your Website
How the EU-GDPR May Affect Your WebsiteHow the EU-GDPR May Affect Your Website
How the EU-GDPR May Affect Your Website
 
GDPR: What does it mean for your business?
GDPR: What does it mean for your business?GDPR: What does it mean for your business?
GDPR: What does it mean for your business?
 
Understanding & Working with the GDPR
Understanding & Working with the GDPRUnderstanding & Working with the GDPR
Understanding & Working with the GDPR
 
Things to know about GDPR in 2018
Things to know about GDPR in 2018Things to know about GDPR in 2018
Things to know about GDPR in 2018
 
GDPR: how IT works
GDPR: how IT worksGDPR: how IT works
GDPR: how IT works
 
Are you GDPR Ready? Checklist Whitepaper
Are you GDPR Ready? Checklist WhitepaperAre you GDPR Ready? Checklist Whitepaper
Are you GDPR Ready? Checklist Whitepaper
 

More from WSO2

Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessWSO2
 
How to Create a Service in Choreo
How to Create a Service in ChoreoHow to Create a Service in Choreo
How to Create a Service in ChoreoWSO2
 
Ballerina Tech Talk - May 2023
Ballerina Tech Talk - May 2023Ballerina Tech Talk - May 2023
Ballerina Tech Talk - May 2023WSO2
 
Platform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on AzurePlatform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on AzureWSO2
 
GartnerITSymSessionSlides.pdf
GartnerITSymSessionSlides.pdfGartnerITSymSessionSlides.pdf
GartnerITSymSessionSlides.pdfWSO2
 
[Webinar] How to Create an API in Minutes
[Webinar] How to Create an API in Minutes[Webinar] How to Create an API in Minutes
[Webinar] How to Create an API in MinutesWSO2
 
Modernizing the Student Journey with Ethos Identity
Modernizing the Student Journey with Ethos IdentityModernizing the Student Journey with Ethos Identity
Modernizing the Student Journey with Ethos IdentityWSO2
 
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...WSO2
 
CIO Summit Berlin 2022.pptx.pdf
CIO Summit Berlin 2022.pptx.pdfCIO Summit Berlin 2022.pptx.pdf
CIO Summit Berlin 2022.pptx.pdfWSO2
 
Delivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing ChoreoDelivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing ChoreoWSO2
 
Fueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected ProductsFueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected ProductsWSO2
 
A Reference Methodology for Agile Digital Businesses
A Reference Methodology for Agile Digital Businesses A Reference Methodology for Agile Digital Businesses
A Reference Methodology for Agile Digital BusinessesWSO2
 
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)WSO2
 
Lessons from the pandemic - From a single use case to true transformation
Lessons from the pandemic - From a single use case to true transformation Lessons from the pandemic - From a single use case to true transformation
Lessons from the pandemic - From a single use case to true transformationWSO2
 
Adding Liveliness to Banking Experiences
Adding Liveliness to Banking ExperiencesAdding Liveliness to Banking Experiences
Adding Liveliness to Banking ExperiencesWSO2
 
Building a Future-ready Bank
Building a Future-ready BankBuilding a Future-ready Bank
Building a Future-ready BankWSO2
 
WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021WSO2
 
[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIs[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIsWSO2
 
[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native DeploymentWSO2
 
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”WSO2
 

More from WSO2 (20)

Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with Platformless
 
How to Create a Service in Choreo
How to Create a Service in ChoreoHow to Create a Service in Choreo
How to Create a Service in Choreo
 
Ballerina Tech Talk - May 2023
Ballerina Tech Talk - May 2023Ballerina Tech Talk - May 2023
Ballerina Tech Talk - May 2023
 
Platform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on AzurePlatform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on Azure
 
GartnerITSymSessionSlides.pdf
GartnerITSymSessionSlides.pdfGartnerITSymSessionSlides.pdf
GartnerITSymSessionSlides.pdf
 
[Webinar] How to Create an API in Minutes
[Webinar] How to Create an API in Minutes[Webinar] How to Create an API in Minutes
[Webinar] How to Create an API in Minutes
 
Modernizing the Student Journey with Ethos Identity
Modernizing the Student Journey with Ethos IdentityModernizing the Student Journey with Ethos Identity
Modernizing the Student Journey with Ethos Identity
 
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
 
CIO Summit Berlin 2022.pptx.pdf
CIO Summit Berlin 2022.pptx.pdfCIO Summit Berlin 2022.pptx.pdf
CIO Summit Berlin 2022.pptx.pdf
 
Delivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing ChoreoDelivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing Choreo
 
Fueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected ProductsFueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected Products
 
A Reference Methodology for Agile Digital Businesses
A Reference Methodology for Agile Digital Businesses A Reference Methodology for Agile Digital Businesses
A Reference Methodology for Agile Digital Businesses
 
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
 
Lessons from the pandemic - From a single use case to true transformation
Lessons from the pandemic - From a single use case to true transformation Lessons from the pandemic - From a single use case to true transformation
Lessons from the pandemic - From a single use case to true transformation
 
Adding Liveliness to Banking Experiences
Adding Liveliness to Banking ExperiencesAdding Liveliness to Banking Experiences
Adding Liveliness to Banking Experiences
 
Building a Future-ready Bank
Building a Future-ready BankBuilding a Future-ready Bank
Building a Future-ready Bank
 
WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021
 
[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIs[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIs
 
[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment
 
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
 

Recently uploaded

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

The Role of GDPR in Customer Identity and Access Management

  • 1. THE ROLE OF GDPR IN CUSTOMER IDENTITY AND ACCESS MANAGEMENT Rushmin Fernando Technical Lead, WSO2
  • 2. 2 Mountain View, Colombo, New York, London, Sao Paolo, Sydney Founded in 2005 Venture backed by Cisco and Toba Capital 500 Employees; 300 Engineers 450+ Customers, 170+ New Customers in 2017 Profitable About Us 2
  • 4. 4 GDPR is a new regulation which controls the way organizations collect and use their customers’ personal data
  • 6. 6 CIAM is about managing customer identity and customer profiling
  • 9. The evolution of digital transformation brought CIAM into existence 9 How Did it Start?
  • 10. 10 Digital Transformation ● Organizations allowing their customers to consume the services or goods using digital technologies ● In the beginning it was a nice to have feature ● Then it became a differentiator ● Now it is a survival factor for some businesses
  • 11.
  • 12. 12 Customers like it, when the vendors recognize them and remember their buying patterns.
  • 13. By asking the customers to tell who they are (authenticate)and collecting their usage data 13 How is this Done in the Online World ?
  • 14. 14 Implementing the Solution One option is to build in-house Username Password Database Credentials Credentials Usage data
  • 15. 15 There are IAM tools available! But Why Reinvent the Wheel?
  • 16. 16 Nature of Traditional IAM Tools ● Traditional IAM tools are designed to be used inside organizations ● They don’t need to have intuitive UX ● They don’t need to handle huge number of users ● They don’t need to have strong authentication since the systems are not exposed externally
  • 17. 17 Customers Expect... To use their social logins
  • 19. 19 Customers Expect... ● To avoid re-login when using different portals from the same organization (Single Sign-On) ● Intuitive UX ● Omnichannel access
  • 22. GDPR - A Bird's Eye View 22 What is GDPR Objectives of GDPR Impact of GDPR Privacy Principle Individual Rights Consent Management
  • 23. 23 What is GDPR? ● GDPR is a new legal framework formalized in the European Union (EU) in 2016, which effectively replaces the previously used Data Protection Directive (DPD) ● GDPR will come into effect on May 25, 2018 ● GDPR is applicable for any data processing organization that processes personal data or monitors behavior of individuals residing in the EU
  • 24. 24 Objectives of GDPR ● Recognizes protection of personal data and control over processing of personal data as a fundamental right of an individual ● Broadens the scope of personal data as Personally Identifiable Information (PII) ● Free movement of personal data within the EU ● Provides business organizations certainty on personal data processing activities
  • 25. Impact of GDPR ● Any business that delivers goods or provides services to individuals living in the EU is affected, regardless of whether the business is established in the EU ● Personal data processing organizations that cannot demonstrate GDPR compliance will be subjected to financial penalties up to 4% of their annual turnover, or €20 million 25
  • 27. 5 3 Comply with requests not to automate decision making using personal data Right to restrict processing6 7 8 Individual Rights 9 Allow individual’s data to be stored but not processed. Provide transparency over how personal data is collected, stored, managed, protected, and processed Right to be informed1 Right to stop processing Provide copies of all stored data in a portable format Right to data portability Honor requests not to process an individual’s data for specific purposes Right to access2 Provide individual’s access to their data and explain how they-and any supplemental data-are used 4 Correct any personal data if incomplete or inaccurate Right to correction Remove personal data on request when there is no compelling reason to keep it Right to be deleted Reject automated decisions
  • 28. Consent ‘Consent’ from the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. - Article 4(11) 28
  • 29. 29 Consent Management ● Consent is one of the six lawful basis of personal data processing as defined by GDPR ● It is the most common lawful basis for commercial businesses ● All personal data processing activities including collection, storage, and sharing need to be based on explicit and active consent from an individual ● Organizations must support complete consent lifecycle management to ensure that individuals can review and revoke consent given at any point
  • 30. Key Concepts of GDPR Processor A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Controller A natural or legal person, public authority, agency or other body, which alone or jointly with others, determines the purposes and means of processing personal data. 30
  • 31. 31 Key Concepts of GDPR ● Data subject. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person ● Supervisory authority. An independent public authority which is established by a Member State
  • 32. Key Concepts of GDPR ● Pseudonymisation. - Data management procedure by which personally identifiable information fields within a data record are replaced by one or more artificial identifiers, or pseudonyms ● Personal data breach. A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data ● Data protection officers are responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements 32
  • 34. Introduction to GDPR A CIAM Tool Can Help
  • 35. 35 ● Customer identities are managed centrally ● Therefore the customer rights such as ‘Right to data portability’ and ‘Right to data portability’ can be served from a single place How Would a CIAM Tool Help?
  • 36. Introduction to GDPRA Good CIAM Tool Can Help Even More
  • 37. 37 ● Customer consent management ● Privacy by design and privacy by default ● User rights In Three Aspects
  • 38. 38 Consent Management ● Customer consent plays a major role in GDPR ● There are requirement related to consent management − Consent design − User onboarding based on active consent − Ability to review given consent and revocation − Ability to demonstrate proof of consent − Consent per purpose
  • 39. 39 Consent Management Consents request from a CIAM solution should meet design consideration mandate by the GDPR − Informed − Active opt-in − Unbundled − Named − Easy to Withdraw − Granular − Considerations for children's consent
  • 40. 40 Consent Management User onboarding based on active consent
  • 41. 41 Consent Management Consent per purpose I would like to receive emails about special offers I would like to receive SMS messages about special offers
  • 42. 42 Consent Management Ability to review given consent and revocation
  • 43. 43 Consent Management Ability to demonstrate proof of consent − Consent receipt specification
  • 44. 44 Privacy by Design and by Default ● Privacy by design allows a CIAM tool to easily battle against new security challenges in a timely manner without degrading the quality of the product. ● Privacy by default helps organizations to guarantee customer privacy without much effort. A CIAM tool can make sure that all the crypto algorithms are up-to-date.
  • 45. 45 Customer Rights Via the User Portal ● Right to access ● Right to reject automated decisions ● Right to correction ● Right to be deleted ● Right to restrict processing ● Right to data portability ● Right to stop processing
  • 47. ● Customer profiling is the key for an organization’s digital transformation journey ● GDPR is a regulation which enhances customer privacy ● Therefore organizations face new challenges with customer profiling ● A proper CIAM tool can help you win the digital transformation battle in a GDPR compliant manner Conclusion 47
  • 48. Q&A