By Mayur Upadhyaya | Posted on April 27, 2017
The European Union (EU) General Data Protection Regulation (GDPR) is the biggest change to data privacy regulation in 20 years and our readiness planning has been underway for some time. This new regulation has mandated that organisations must have the capabilities to quickly and easily demonstrate compliance with new customer privacy requirements that will go into effect May 25, 2018. And we are proud to announce we are the first Customer Identity and Access Management (CIAM) vendor ready to meet GDPR requirements in support of the May 25, 2018 compliance date.
It is fair to say that the GDPR is likely to be one of the most challenging and disruptive regulations to implement for companies within and outside of the EU. It represents a framework to guide business usage of personal data across the EU and introduces a wide range of complex privacy-related requirements impacting all units of business organisations, including legal, compliance, information security, marketing, engineering, and HR.
And while the impact the GDPR will have on businesses offering services in the European market is substantial, many organisations are still ill-prepared to meet the demands of the GDPR. This is why Janrain Professional Services is now offering the GDPR Primer and GDPR Readiness Assessment to help our clients discover gaps and recommend remediation plans for authentication, registration, security, and overall management of identity-related processes, technologies, and data.
If your company offers goods or services to EU residents, collects data of EU residents, or has employees in the EU, then you will have to prepare to be compliant with the new law. It makes no difference if your company has offices in the EU or operates from abroad. Unlike many earlier regulations, the GDPR comes with significant penalties for non-compliance: fines up to 20M EUR or 4% of total worldwide annual revenue of the preceding year, whichever is higher.
Given the high sensitivity for data and privacy protection in many EU countries, it is to be expected that citizens, authorities, and privacy-focused NGOs will keep a close eye on companies and their ability to comply.
As a vendor of a customer identity and access management platform (CIAM), Janrain is in a highly critical position for our clients when it comes to GDPR readiness. Many of our services directly or indirectly provide the technical foundation for our clients to achieve compliance in responding to data subjects asserting their GDPR rights, and our technology is a key part of what they will use to get themselves ready for the new regulation.
Consequently, our clients look to us for guidance, and they also expect us to be ready when they start their GDPR efforts. When the EU announced the upcoming regulation last year, it was clear to us that we had to be a step ahead.
This is why we started a dedicated, cross-functional effort in order to get the product line, as well as Janrain as a company, GDPR ready. This effort is being led by our General Counsel and Vice President of Privacy, a certified information privacy professional.
Janrain has a history of being a step ahead of our competition when it comes to complying with the latest regulations and standards. We obtained an independent certification by TRUSTe for our privacy practices, and have successfully met all criteria for a clean SOC2 Type II audit for meeting the Security, Confidentiality and Availability Trust Principles. We also hold other certifications and attestations such as those for ISO/IEC 27001:2013, and the HIPAA/HITECH Security Rule. Our underlying cloud provider, Amazon Web Services (AWS), has successfully completed multiple SAS70 Type II audits and publishes SOC 1, 2, and 3 reports. These certifications and attestations reflect the appropriate data protection measures we have in place to satisfy GDPR requirements.
In our experience, establishing GDPR readiness requires a great deal of understanding, organisational alignment and effort across any business organisation. With May 25, 2018 just over a year away, we have been concerned about how encumbered our clients will be and the distraction to their core businesses.
In an effort to make our own learnings and expertise available to others, we recently made available a GDPR Primer and Readiness Assessment. Both offers will be tailored to the individual needs of the client. The primers are discovery workshops (in the range of 3-6 hours) to address the basics and help organisations identify needs and gaps on their way to compliance. The readiness assessment is a services engagement that dives deeper into the specific requirements for CIAM processes. The assessment is typically an engagement in the range of 10-25 days, depending on the individual needs, and includes a gap analysis against core GDPR requirements, a findings report with a remediation plan, and a prioritised roadmap.