CIAM Standards Best Practice
Facebook X LinkedIn

CIAM Standards Best Practice

Combined Session
Thursday, May 17, 2018 12:00—13:00
Location: AMMERSEE I

Implementing IAM for GDPR

IAM is a cornerstone in GDPR implementations, but both GDPR and IAM implementations are far from easy. Together, they are even more complex. In order to reap the benefits, you need to overlay two projects: building your IAM and creating your compliance program. These projects are very different in nature and owned by essentially very different people – legal and security, and may already in the beginning lack a common language.

In a successful cross-professional GDPR+IAM project, you need to understand how law and technology interplay in your organisation. In general, GDPR compliance has a nexus of touchpoints with IAM, but it needs to be supported by appropriate processes and documentation to be considered as a GDPR compliance measure by lawyers. Statutory security is not an easy read in the GDPR. Many of the documentation and process requirements contain essentially the same information as conventional access management, log and information security policies, but now with more content from GDPR, and aligned from a data privacy perspective.

Data protection requirements are more prominently present in CIAM implementations in the consumer market, because in addition to identity and access, they serve the core of the GDPR – i.e. efficiently manage personal data in a manner that overlaps data subject rights. In essence, CIAM implementation and architecture may provide companies great advantages in satisfying novel functional requirements of the GDPR, such as data portability.

Key Takeaways:

Implementing IAM for GDPR
Presentation deck
Implementing IAM for GDPR
Click here to download the slide deck. Please note that downloads are only available for event participants and subscribers. You'll need to log in to download it.
Kira Ahveninen-Kuha
Kira Ahveninen-Kuha
KPMG Finland
Kira has been leading cross professional data protection and cybersecurity law teams in multiple organisations, and currently head of KPMG Finland's cross disciplinary practice with data protection...

Fully Automated KYC Process and its Challenge in the Light of GDRP and New Regulations

1. Introduction- why do we need a KYC process 

2. How the KYC process can be automated

3. How the personal data is protected in the light of GDPR

Key takeaways:

Katarzyna Kazimierczak
Katarzyna Kazimierczak
Authenteq
Katarzyna Kazimierczak is COO at Authenteq, an automatic identity verification, and privacy platform, that issues a blockchain, self-owned and controlled digital ID. Katarzyna has lived and worked...

eIDAS In Practice - From Regulation to Implementation

eIDAS is identity federation within a trust framework on an unprecedented scale. In 2018 member states of the European Union will be required to recognise the eID's of other member states under the eIDAS Regulation. Connectis is leading the transition towards a Digital Single Market through various successful projects, co-financed by the European Union's Connecting Europe Facility.

Connectis already aided around 100 Dutch municipalities open up hundreds of services to citizens from other EU countries in an eIDAS-sustainable way. This experience provides lots of success stories, but also many lessons learned and the foresight of several hurdles ahead that we need to take, both on local, national and international levels.

Key Takeaways:

eIDAS In Practice - From Regulation to Implementation
Presentation deck
eIDAS In Practice - From Regulation to Implementation
Click here to download the slide deck. Please note that downloads are only available for event participants and subscribers. You'll need to log in to download it.
Esther Makaay
Esther Makaay
Connectis / SIDN
Esther Makaay is a digital identities professional. Her role is proposition development – identifying partners, getting pilots and projects started – for log-in solutions provider...
Subscribe for updates
Please provide your email address