By Sven Dummer | Posted on July 28, 2017
Businesses across the globe have gravitated toward customer identity management solutions to drive their customer engagement efforts to new heights. Customer identity management solutions handle all things related to the creation and management of customer accounts and the associated personal data. They promise to improve customer experience across various touch points and provide new opportunities to enhance brand outreach. Personal data allows for better business intelligence, more targeted offerings and, maybe most importantly, personalized marketing.
Now change is coming to the customer identity landscape. Whether marketers are fully aware of it or not, the European Union’s General Data Protection Regulation (GDPR) is poised to completely shake up consumer data collection and usage standards in 2018, and it applies to any company that does business with EU residents, even if the company and its servers are located elsewhere.
With their direct access to consumers’ personally identifiable information (PII), customer identity and access management (CIAM) systems lie at the very center of GDPR compliance. If you currently have or are considering investing in a CIAM solution, GDPR-readiness should be at the top of your list of must-have capabilities.
When GDPR goes into effect on May 25, 2018, any organization that hasn’t thoroughly vetted its CIAM tools could be in for a rude awakening. GDPR will require a number of changes to data management and usage practices, and perhaps the most intrusive ones involve customer consent. GDPR will attempt to remove any ambiguity in obtaining approval to collect and leverage personal data from customers, obliging companies to create explicit consent forms that require active customer opt-in. Not only that, but companies must have a clearly defined purpose for collecting any data from their customers, which they must sign off on. Enterprises will no longer be able to gather information with a vague objective in mind. Everything will have its specific place.
This means that you can no longer collect customer profile data “on the side”, solely for marketing purposes, without explicit permission. If the specific service you are offering doesn’t require, say, the job title, gender or age of the customer, but you are collecting that information only to be able to personalize your marketing campaigns or do lead scoring, you’d have to inform the customer about that purpose and get their explicit consent. That’s quite a change from today’s common practices. Just think about how many lead generation campaigns use landing pages asking for personal data before prospects can download a whitepaper, and how many of these pages collect far more data than is needed for that purpose.
The penalties for violation will rank as some of the most severe of any data management regulation in any country or industry. Think HIPAA’s maximum $1.5 million fine is bad? Wait until companies get hit with GDPR penalties totaling as much as $23 million or 4 percent of their annual global turnover.
With so many odds and ends to account for in GDPR compliance, businesses may be at a loss as to what to look for when evaluating CIAM tools on the market. Key areas to consider include:
This list is far from complete, but using it as a starting framework, companies can take a deeper dive into identity management features to determine how a platform can help them become GDPR compliant. One aspect to keep an eye on is how easy and cost-efficient it is to comply with GDPR standards with a given CIAM platform. The CIAM platform is not the be-all and end-all for GDPR, but it helps! If your current identity solution is technically capable of complying with GDPR, but requires a lot of internal legwork to execute and drives up implementation cost and total cost of ownership (TCO), it might be better to go with a better-equipped vendor. If your organization is currently running or planning to run a CIAM solution built in-house, the TCO aspect is well worth revisiting as well.
Getting ready for GDPR is a challenging task, and May 25, 2018 is a fast-approaching deadline. Keep in mind that there is a significant benefit to achieving this level of responsiveness and responsibility for handling your customers’ personal data: it is an opportunity to strengthen your brand image with consumers, in particular with those who are hesitant to hand over personal data. By showing your commitment to data privacy and solid and secure data management, and by giving consumers control over their data, you can present your brand in a better light and establish more credibility with your customers. This will also lead to better and more reliable data. Once people can put more trust in companies, their urge to use fake accounts and made-up data will clearly decrease.
We’ve just scratched the surface of absolutely necessary compliance capabilities, and there are plenty more to consider when reviewing your CIAM options. GDPR may seem complex, but your CIAM solution doesn’t have to be. For more information on what to look for in a CIAM platform and guidance on preparing for GDPR, please feel free to reach out to one of our compliance experts.