Complying with the General Data Protection Regulation

The purpose of GDPR is to give the general public of the EU control over their personal data and to ensure standardization of the rules and controls for the protection of personal data within the EU. GDPR became law on May 25, 2018 and is applicable for all organizations holding personal data of EU citizens and residents.

The GDPR regulations require organizations to process personal data securely. Article 5(1)(f) concerns ‘integrity and confidentiality’ of personal data – in short, it is the GDPR’s ‘security principle’. It states that personal data shall be:


‘processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures’.

idenprotect’s Identity and Access Management features can hep in the following ways


Managing User Data

The ability to manage user details and transactions in a consistent and resilient manner helps ensure security, integrity and consistency for authorized access to resources.

Addresses GDPR articles 15, 16, 17, 20, 25

Consent of users

We use digital signatures as a method to record, confirm and timestamp the user’s decision. Due to the signing key
being under the sole control of the user, this provides a non-repudiable record of consent.

Addresses GDPR articles 7 & 8

Secure Customer Data

We employ a nuber of robust security controls to ensure that confidentiality, integrity and availability are appropriately maintained whether data is in transit, at rest or in use.

Addresses GDPR article 32

Self-Service for Users via the User Portal

Our technology platform allows users to see and make changes to their data in a secure and auditable way.

Addresses GDPR articles 15 & 16

Data Access Governance

We provide granular controls so that internal and external applications are allowed access to only specific attributes of the user’s digital identity where necessary.

Addresses GDPR article 25