Complying with the General Data Protection Regulation
The purpose of GDPR is to give the general public of the EU control over their personal data and to ensure standardization of the rules and controls for the protection of personal data within the EU. GDPR became law on May 25, 2018 and is applicable for all organizations holding personal data of EU citizens and residents.
The GDPR requires organizations to process personal data securely. Article 5(1)(f) concerns the ‘integrity and confidentiality’ of personal data – in short, it is the GDPR’s ‘security principle’. It states that personal data shall be:
‘processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures’.
idenprotect’s Identity and Access Management features can help in the following ways:
Managing User Data
The ability to manage user details and transactions in a consistent and resilient manner helps ensure security, integrity and consistency for authorized access to resources.
Addresses GDPR articles 15, 16, 17, 20, 25
Consent of users
We use digital signatures as a method to record, confirm and timestamp the user’s decision. Because the signing key is under the sole control of the user, this provides a non-repudiable record of consent.
Addresses GDPR articles 7 & 8
Secure Customer Data
We employ a number of robust security controls to ensure that confidentiality, integrity and availability are appropriately maintained whether data is in transit, at rest or in use.
Addresses GDPR article 32
Self-Service for Users via the User Portal
Our technology platform allows users to see and make changes to their data in a secure and auditable way.
Addresses GDPR articles 15 & 16
Data Access Governance
We provide granular controls so that internal and external applications are allowed access to only specific attributes of the user’s digital identity where necessary.