GDPR. Four letters, one colossal shift in privacy compliance for companies around the globe.
With organisations collecting increasing amounts of data, customers and the governments that represent them have evolving expectations about the transparency surrounding data collection, and the laws that govern the usage and reporting of it.
Only recently, Whatsapp was warned by European regulators about over sharing data with Facebook, its parent company. This comes despite Whatsapp pledging in 2014 that nothing would change as a result of its acquisition.
Today every enterprise is global, but regional and national data laws – including those that define where consumer data must be stored and processed – vary widely. While this makes it increasingly tricky to serve international customer bases, businesses don’t want to give up on these massive audience segments. Yet they are increasingly being forced to adapt, and in some instances ensure customer data from nation-state residencies is kept in that locality.
GDPR is shorthand for General Data Protection Regulation. In May 2018, it will become the privacy and data handling standard for the EU, altering the requirements for managing personal data for businesses both inside and external to the union indefinitely.
Businesses must act now to traverse the balance between new regulatory requirements and effectively managing customer identity data for the digital age. For many, this will mean reviewing what structures need to be implemented to remain compliant, whilst ensuring the optimisation of customer needs and the associated need for transparency surrounding the use of their data.
How we got here
GDPR has arisen as a direct result of rapid technological developments and the need to maintain consumer privacy via a more stringent framework. There are a variety of new regulatory elements which all businesses processing the data of consumers located within the EU will have to adhere to, including:
- Identifying a customer – even when he or she is using different login credentials over time
- Managing and respecting consent, preferences and wishes to opt-in or out across all touchpoints
Understanding the identity of a customer will become more important than ever. So how can businesses approach the multitude of issues that surround this process, in an efficient, well-structured way?
Manging identity in the digital age
CIAM (Customer Identity and Access Management) can help centralise data in a consistent way, forming the basis of a robust digital strategy for delivering seamless customer experiences and managing many aspects of privacy compliance.
CIAM platforms can provide:
- Support for compliance with regional privacy and data protection regulations, as well as with the terms of service of social networks and other identity providers
- Access to multiple regional data centres, to ensure that any relevant data localisation requirements are met
- Ensure robust industry-standard security for physical data storage, encryption, API transactions, application development and more
Best-of-breed CIAM providers can also help brands meet regulatory requirements for how data is controlled. This presents an obvious challenge to businesses that leverage on-premises data centres to manage consumer data, but even large cloud providers can come up short in situations such as the one in Russia, since many large cloud-based storage providers such as AWS have no presence there.
GDPR also has strict requirements about giving consumers access to and control of their personal data. At any point, users must be able to autonomously export, delete, edit and freeze processing of the information in their profiles. Leading CIAM providers offer customisable registration and profile management workflows and other specialised functions that ensure consumers remain in control of their data.
Preparing today for tomorrow
For now, the world will have to wait to see how the GDPR, the newly ratified EU-U.S. Privacy Shield data transfer framework, and numerous other recent regulatory initiatives will shake out in terms of real-world application and enforcement. Regardless of outcomes though, we believe the smart move for businesses is to start developing a well-planned strategy for managing privacy now.
Readiness for the future of data privacy requires flexibility above all, and a specialist in customer identity management can help you build a foundation for managing consumer data that continuously evolves to serve global markets and the needs of your business, while helping to keep you and your customers safe in an uncertain world.
[su_box title=”About Richard Lack” style=”noise” box_color=”#336588″][short_info id=’83111′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.