
Key to GDPR compliance: Controlling access to personal data

By Thierry Bettini, Director of International Strategy, Ilex International


The General Data Protection Regulation (GDPR) is not a technology issue. When the GDPR comes into effect on 25 May 2018, it will require organisations to record and demonstrate control over who can access any personally identifiable data that is collected or stored from any individual in the European Union (EU). Establishing this capability is the true technology issue companies will face when adapting to the new regulation.

GDPR will change the game when it comes to consumer control over their privacy and data. The regulation aims to harmonise data privacy legislation across the EU, and protect every person using technology, regardless of the degree to which they use it. Much has been said about the big stick fines GDPR threatens, of up to 20 million euros, or four percent of an organisation’s global annual turnover, for failure to comply. But there is also a carrot. With the knowledge that, in our digital world, being able to create trusted customer relationships is a business opportunity, as well as a wealth generator, GDPR legislators have created opportunities for businesses to differentiate themselves. Companies can get ahead of the game by achieving, creating and marketing GDPR data protection certification marks and seals.

Right now, organisations are at very different points in their journey towards GDPR. This means there is an increased demand to answer hard data accountability questions, such as:

  • Why are we holding personal data?
  • How did we get it?
  • Why was it gathered originally?
  • How long has it been held?
  • How secure is the data in terms of accessibility and encryption?
  • Do we share this data with third parties?

Answering these questions, especially the last two, requires a robust and foolproof approach to limiting access to personal data, with reference to a clear audit trail of when the data was accessed and by whom. This is just one of the many steps towards compliance with the GDPR’s accountability principle, which requires organisations to demonstrate and document fine-grained compliance with data protection principles whilst doing business.

Adaptive Authentication

When it comes to Privacy Impact Assessments, weak access credentials or authentication processes will be red flags for GDPR compliance officers. Proving, as well as controlling, who is accessing personal information, where they are accessing it, and for what purpose, will be critical. Organisations can limit this risk with easily managed, flexible multi-factor authentication solutions, applicable to any personal data, wherever it may reside.

How can Adaptive Authentication effectively support your organisation’s strategy to achieve GDPR compliance?

  • Manage, control and administer all of your users and endpoints in one central place
  • Allow and establish visibility of precisely who is accessing personal information and from where
  • Build additional security layers to ensure and prove your protection of personal information
  • Protect privileged accounts from misuse and breach
  • Offer a practical and cost-effective way to deliver Privacy by Design principles
  • Comply with all relevant industry standards

Simple for administrators: Adaptive Authentication works across all commonly-used devices, and gives administrators the ability to set and manage granular controls around access variables. These may include elements such as user privileges, geographical location, type of browser, time of day or authentication type.

Simple for Data Protection Officers: When you talk to your Data Protection Officer (DPO), applying this level of contextual, behavioural risk management will reassure them that you have the necessary control of data access for GDPR compliance. Let’s not forget that the introduction of GDPR will include the 72-hour breach-reporting requirement that will come into force next May. Using Adaptive Authentication will enable you to show your DPO how easily and quickly you can run a detailed report of exactly which data was accessed.

Simple for Users: Any layers of access control an organisation may implement should always be effective, but also simple for anyone to use. Once a user gains access, the smart solution remembers the various elements of that connection in context. This may include aspects such as the device used, the web browser, the IP address, etc. This is one of the ways an Adaptive Authentication solution will combine user-friendly and efficient activity with ultimately reduced risk online.
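The access variables, remembered connection context and access report described in the three paragraphs above can be sketched as follows. This is an added example, not Ilex's product code or API; the policy values, field names and sample users are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

ALLOWED_COUNTRIES = {"GB", "FR"}  # assumption: illustrative policy values
WORK_HOURS = range(7, 20)         # assumption: 07:00-19:59 UTC
known = {}   # user -> {(device_id, browser)} remembered after a verified login
audit = []   # append-only trail of every access decision

@dataclass(frozen=True)
class Context:
    user: str
    privileged: bool
    country: str
    browser: str
    device_id: str
    ip: str
    when: datetime
    resource: str

def decide(ctx):
    """Return 'allow', 'step_up' (require a second factor) or 'deny'."""
    reasons = []
    if ctx.country not in ALLOWED_COUNTRIES:
        decision, reasons = "deny", ["country"]
    else:
        if (ctx.device_id, ctx.browser) not in known.get(ctx.user, set()):
            reasons.append("new_device")
        if ctx.when.hour not in WORK_HOURS:
            reasons.append("off_hours")
        if ctx.privileged:
            reasons.append("privileged")
        decision = "step_up" if reasons else "allow"
    audit.append({"ts": ctx.when, "user": ctx.user, "ip": ctx.ip,
                  "resource": ctx.resource, "decision": decision, "reasons": reasons})
    return decision

def confirm_second_factor(ctx):
    """After a successful step-up, remember this device and browser."""
    known.setdefault(ctx.user, set()).add((ctx.device_id, ctx.browser))

def access_report(resource, since):
    """Every recorded attempt on `resource` at or after `since`."""
    return [e for e in audit if e["resource"] == resource and e["ts"] >= since]

if __name__ == "__main__":
    t = datetime(2018, 5, 25, 10, 0, tzinfo=timezone.utc)  # constructed sample
    c = Context("alice", False, "GB", "Firefox", "dev-1", "192.0.2.10", t, "crm/customers")
    first = decide(c)            # device not yet remembered
    confirm_second_factor(c)
    print(first, decide(c), len(access_report("crm/customers", t)))
```

Every decision is logged, including denials, so the report covers attempted as well as granted access to a given data set.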

GDPR is coming, but this doesn’t have to be a bad thing. Adaptive Authentication systems are an easily-implemented and effective way to ensure complete compliance with the new regulation, which can only be a good thing in the long run in both the online and physical worlds.

To find out more about Ilex International and its range of Identity and Access Management solutions, click here.

Thierry Bettini

Thierry holds a PhD in Economics from the Sorbonne University and has over 25 years of experience in the IT industry. His career started at Air France in London and New York where he led several IT projects and participated in the major restructuring of the company’s Sales and Marketing strategy. He then went on to hold senior executive positions for international software vendors and IT consulting firms.

Thierry’s return to Ilex in 2014 coincided with the company’s decision to consolidate its strong position in Europe and to focus on its international development.
