In May 2016, the European Union (EU) passed the GDPR, which went into effect on May 25, 2018. The GDPR will be the new primary law regulating how companies have to protect the personal data of EU residents. It is one of the most significant, most challenging and most disruptive regulations, and introduces a wide range of complex privacy related requirements impacting all organizations, including legal, compliance, information security, marketing, engineering, and HR.
This is true for companies with and without offices or data centers in the EU. Any organization that offers goods or services to EU residents, collects data of EU residents, or has employees in the EU will have to prepare to be in compliance with the new law, no matter where the company itself is located or incorporated, and no matter if the company acts as a controller or only as a processor of data. According to a report by Veritas, which surveyed more than 2,500 senior technology decision makers in 2016 across Europe, the Middle East, Africa, the U.S. and Asia Pacific, 54 percent of organizations have not advanced their GDPR compliance readiness.
Yet many organizations are still ill prepared to sufficiently meet its demands. Given the GDPR effect date is approaching fast, organizations need to ensure they allocate budget and resources to implement governance processes, controls, tools and infrastructure to achieve compliance. Failing to do so comes at a high risk. Unlike many earlier regulations, the GDPR comes with significant penalties for non-compliance: fines up to 20 million EUR or four percent of total worldwide annual turnover of the preceding year, whichever is higher. Failure to comply can also cause serious damage to a company’s customer and partner relationships, public image, and brand value.
By the nature of its business, Janrain has extensive expertise and experience in achieving GDPR compliance. As a vendor of solutions for Customer Identity and Access Management (CIAM) that reaches more than 1 billion consumer identities for over 1,800 corporate clients, Janrain is in a highly critical position for its clients when it comes to GDPR readiness. Many of the company’s services are directly or indirectly the technical foundation for its clients to achieve compliance, and Janrain’s technology is a key part of what they will use to get themselves ready for the new regulation.
As a consequence of that, Janrain’s clients look to them for guidance, and they also expect them to be ready when they start their efforts.
√ Checkbox consent mechanisms for explicit consent
√ Progressive permissions
√ Easy data record access mechanisms
√ Data correction/integrity mechanisms
√ Data portability
√ Data erasure/deletion
√ Scoped access for users and integrations
√ Data pseudonymization
√ Age gating
To assist its clients, Janrain Services has created the GDPR Primer and GDPR Readiness Assessment to help discover gaps and recommend remediation plans for authentication, registration, security, and overall management of identity related processes, technologies, and data. Both offers are tailored to the individual needs of the client.
THE JANRAIN GDPR PRIMER
Discovery workshop in the range of 3-8 hours to address the basics and help corporations identify needs and gaps on their way to compliance.
THE JANRAIN READINESS ASSESSMENT
Services engagement that dives deep into the specific requirements for Customer Identity and Access Management (CIAM) processes. The assessment is typically an engagement in the range of 10-25 days, depending on the specific needs and requirements of the client.
PHASE I – Readiness and Gap Analysis
Janrain experts will work interactively with client teams to assess overall compliance with the GDPR requirements. The deliverables include a gap analysis and a detailed findings report.
PHASE II – Develop a GDPR plan
Develop a plan and prioritized roadmap based on remediation recommendations to address gaps identified in the readiness assessment. The plan will include an executive summary and a heat map outlining risks and level of effort, schedule, and budget and resource estimates.
PHASE III – Build consensus
Lead an interactive onsite review with key stakeholders and leadership to help build awareness, secure buy-in, and obtain and document agreement on the GDPR action plan.
PHASE IV – Implement programs
Janrain can help clients implement a wide range of CIAM initiatives and Janrain technologies. Immediate steps may include areas of risk such as specific identity processes that require more detailed diagnostics or remediation.
If you would like to learn more about how you can prepare your company to be GDPR ready, we are here to help. Contact us for more information about a GDPR Primer and Readiness Assessment.