Upload
sagara-gunathunga
View
77
Download
1
Embed Size (px)
Citation preview
Director, WSO2
GDPR impact on Consumer Identity and Access Management (CIAM)
Sagara Gunathunga
Digital Transformationwill decide and shape
the destiny of your business
Digital Transformation is no longer a nice to have or a differentiator, it’s about the survival of your business
Is it the Right Time to Think?
A nice to have
A differentiator
For survival
Is it Real? Look Around You!
Is it Real?
• Sales increasingly based on real user reviews and ratings than traditional marketing
• Physical stores replaced with digital channels (web stores, mobile apps, IVR solutions)
• Fast consumer response time and convenience means connectivity (e.g. Facebook, Twitter, WhatsApp)
Digitize Delivery Channels
Generic user experiences don’t work, consumers now expect
– A highly personalized experience
– Control over preferences – Relativeness of content
Personalized User Experience
Knowing Your Customer is Key!
Personalized experience
What Does CIAM Offer?
CIAM
Connect with consumers
Consumer data protection
What Does CIAM Offer? Bring Your Own Identity (BYOI)
Minimizes registration fatigue by providing wide range of options for consumer on-boarding through trusted social identity providers, such FB, Twitter, Google
Bring Your Own Identity (BYOI)
New to Hi! Sign Up
WelcomeSagara
Consumer Authentication• Social logins eliminate password management
complexities from consumer and business side • Out-of-the-box support for strong authentication
options, such as two-factor authentication• Risk-based adaptive authentication options
What Does CIAM Offer?
Social Logins
New to Hi! Sign Up
WelcomeSagara
Two-Factor Authentication
STEP 1
STEP 2
WelcomeSagara
What Does CIAM Offer? Single sign-on (SSO)
• Social logins eliminate password management complexities from consumer and business side
• Out-of-the-box support for strong authentication options, such as 2-factor authentication
Welcome
Welcome
What Does CIAM Offer? Progressive profiling
The process of how the system learns about a customer in a progressive manner
• Regulation implemented in EU and goes in effect May 2018
• Personal data processing organizations established in EU, and organizations outside EU that process personal data from individuals in EU need to comply
• Up to 4% of revenue penalties for violations
GDPR
• Recognizes protection of personal data and control over processing of personal data as a fundamental right of an individual
• Provides processing organizations certainty on personal data processing
• Wider definition for personal data as personally identifiable information (PII)
GDPR
• Consent lifecycle management– User onboarding based on active consent – Ability to review given consent and revocation– Ability to demonstrate proof of consent– Consent per purpose – Consent design
GDPR Impact on CIAM
Consent Lifecycle Management
WelcomeSagara
New to Hi! Sign Up
• CIAM solutions should provide a self-care portal for consumers– Review already given
consent– Revoke given consent
Consent Lifecycle Management
Consent Design• Consents from a CIAM solution should meet design
consideration mandate by the GDPR– Informed– Active opt-in – Unbundled– Named– Easy to Withdraw – Granular – Considerations for children's consent
GDPR Impact on CIAM • A CIAM solution
should address– Privacy by design – Privacy by default
A CIAM solution should facilitate implementation of consumer rights
GDPR Impact on CIAM The right of transparency
and modalities
The right to be informed
The right of access
The right to notification
obligation
The right to rectification
Rights in relation to
automated decision making
and profiling
The right to data
portability
The right to object
The right to restrict processing
The right to be forgotten
• Self-care portal is an ideal solution to implement consumer rights– Review user profiles– Alteration of user profiles– Deletion for user profiles– Keep user profile up-to-
date – Support user profile
portability
GDPR Impact on CIAM
• Digital transformation is critical for business survival
• GDPR enhances consumer privacy, poses new challenges for organizations
• A proper CIAM tool can help you win the digital transformation battle in a GDPR compliant manner
Conclusion
wso2.com