Skip to main content
IAM vs. CIAM CIAM Buyer's Guide Contact Us
Janrain respects your privacy and will treat the personal data you choose to share with us in accordance with our privacy policy.

Days away from GDPR - the view from the trenches

By Greg Griffiths | Posted on May 18, 2018

GDPR Implementation Strategy

With the enforcement of the EU’s General Data Protection Regulation a week away, we’re seeing an uptick in the doomsday-style social media posts that are reminiscent of the days leading up to New Year’s Eve 1999 warning of the then-looming havoc of Y2K. We prefer to try to stay away from the fear-mongering approach.

GDPR compliance can result in better customer engagement

At Janrain, we see the implementation of GDPR as an opportunity for businesses to closely examine their use of customer data and their strategies for increased customer engagement. When you look at the regulations themselves, they paint a clear picture of consumers’ expectations about how brands handle their personal information.

Essentially, consumers want to control their personal data and GDPR gives them that right - at least those who are residents of the EU. Starting May 25, businesses who collect or use data of EU residents will be required to provide covered individuals access to that data, the ability to object to, correct or get a copy of that data, the ability to restrict processing and profiling and the right to be forgotten.

Consumer rights under GDPR
Fig 1: Dimensions of consumer rights under GDPR

None of those capacities seems outlandish, but for businesses with multiple data silos, high volumes of legacy data, decentralized data management tools and limited, all-or-nothing consent options meeting the requirements of GDPR can seem like a steep climb. Of course, Janrain clients have a head start by virtue of having a sophisticated, centralized customer identity and access management (CIAM) solution in place. Since the passage of GDPR, we’ve been working with our clients to make sure that their customer data is managed in a way that supports their compliance efforts. From this experience - and from conversations with industry colleagues and non-clients, as well - we’ve gotten a good overview of how brands are progressing on the path to GDPR compliance.

How well are brands prepared for GDPR?

Companies with existing privacy and compliance teams and support technologies in place are having an easier transition.

As you’d expect, brands that began deploying data privacy strategies upon the passage of GDPR two years ago are in a better position as we near the enforcement date. Having a DPO (Data Protection Officer - a role required by GDPR for some organizations) in place who is familiar with the organization and C-level support for compliance initiatives smooth the path for these organizations.

Levels of GDPR readiness are wide-ranging.

Some brands are nearing or have crossed the finish line in terms of GDPR preparedness. Others are still grappling with the basics or trying to determine whether the regulations really apply to them - particularly those located outside of the EU. A cross-industry survey from a couple of months ago by SAS indicated that, globally, only 46% of those asked expected to be GDPR compliant by May 25. Within the US, only 30% of respondents expected their organizations to be compliant.

Businesses are finding out that data mapping is hard work.

One of the biggest challenges that companies face - once initiatives are sponsored and signed off on and teams are assembled - is the chore of data mapping. Creating a clear and complete depiction of what personal data - from employees, contractors, customers and end-users - is stored where and for what purposes, can be a monumental task - particularly if that data is stored in separate, siloed systems. Gathering consent for the use of that data is the next big challenge. Companies with a centralized customer identity and access management solution have a head start in mapping their data and ensuring that it meets GDPR standards for consent and privacy.

Outside help can actually help.

From determining whether your company falls under the umbrella of GDPR enforcement to implementing more sophisticated customer data consent and privacy solutions, it can be a boost to bring in outside expertise. Janrain was the first customer identity and access management provider to be ready to meet GDPR requirements. Our professional services organization has crafted and delivered GDPR assessments to discover gaps and craft remediation plans. The Janrain Identity Cloud’s advanced customer privacy and consent management capabilities are designed to support customer-centric and compliant data policies.

Click here to learn more about how Janrain Customer Identity and Access Management can support your GDPR compliance efforts.

Popular Posts

About the author

Greg Griffiths

Greg Griffiths

Sr. Product Marketing Manager

Greg Griffiths brings more than 15 years' experience marketing SaaS solutions in the enterprise IT, publishing and education arenas to Janrain as our Senior Product Marketing Manager. Greg drives much of Janrain's content and works across groups to ensure cohesive and articulate presentation of how our products and services align with the needs of our clients and the larger market. An analytics geek, Greg also steers much of Janrain's internal SEO and conversion initiatives, as well as new product launches. 

When Greg is away from our Portland office, he's likely enjoying time with his kids, near a trout stream, in a hammock, with a Faulkner novel close by ... probably all four at the same time.

View all posts by Greg Griffiths