By Greg Griffiths | Posted on May 18, 2018
With the enforcement of the EU’s General Data Protection Regulation a week away, we’re seeing an uptick in the doomsday-style social media posts that are reminiscent of the days leading up to New Year’s Eve 1999 warning of the then-looming havoc of Y2K. We prefer to try to stay away from the fear-mongering approach.
At Janrain, we see the implementation of GDPR as an opportunity for businesses to closely examine their use of customer data and their strategies for increased customer engagement. When you look at the regulations themselves, they paint a clear picture of consumers’ expectations about how brands handle their personal information.
Essentially, consumers want to control their personal data and GDPR gives them that right - at least those who are residents of the EU. Starting May 25, businesses who collect or use data of EU residents will be required to provide covered individuals access to that data, the ability to object to, correct or get a copy of that data, the ability to restrict processing and profiling and the right to be forgotten.
None of those capacities seems outlandish, but for businesses with multiple data silos, high volumes of legacy data, decentralized data management tools and limited, all-or-nothing consent options meeting the requirements of GDPR can seem like a steep climb. Of course, Janrain clients have a head start by virtue of having a sophisticated, centralized customer identity and access management (CIAM) solution in place. Since the passage of GDPR, we’ve been working with our clients to make sure that their customer data is managed in a way that supports their compliance efforts. From this experience - and from conversations with industry colleagues and non-clients, as well - we’ve gotten a good overview of how brands are progressing on the path to GDPR compliance.
As you’d expect, brands that began deploying data privacy strategies upon the passage of GDPR two years ago are in a better position as we near the enforcement date. Having a DPO (Data Protection Officer - a role required by GDPR for some organizations) in place who is familiar with the organization and C-level support for compliance initiatives smooth the path for these organizations.
Some brands are nearing or have crossed the finish line in terms of GDPR preparedness. Others are still grappling with the basics or trying to determine whether the regulations really apply to them - particularly those located outside of the EU. A cross-industry survey from a couple of months ago by SAS indicated that, globally, only 46% of those asked expected to be GDPR compliant by May 25. Within the US, only 30% of respondents expected their organizations to be compliant.
One of the biggest challenges that companies face - once initiatives are sponsored and signed off on and teams are assembled - is the chore of data mapping. Creating a clear and complete depiction of what personal data - from employees, contractors, customers and end-users - is stored where and for what purposes, can be a monumental task - particularly if that data is stored in separate, siloed systems. Gathering consent for the use of that data is the next big challenge. Companies with a centralized customer identity and access management solution have a head start in mapping their data and ensuring that it meets GDPR standards for consent and privacy.
From determining whether your company falls under the umbrella of GDPR enforcement to implementing more sophisticated customer data consent and privacy solutions, it can be a boost to bring in outside expertise. Janrain was the first customer identity and access management provider to be ready to meet GDPR requirements. Our professional services organization has crafted and delivered GDPR assessments to discover gaps and craft remediation plans. The Janrain Identity Cloud’s advanced customer privacy and consent management capabilities are designed to support customer-centric and compliant data policies.
How to tell if your identity management is ready for the new data protection regulations…
We just released the latest member of the Janrain product family: Janrain Advanced Policy Manager…
Janrain Information Security Manager, Lisa Nicholson, shares her thoughts on why CSA Level 2 and…