Enabling GDPR compliance
Some CIAM platforms offer strong protection of personally identifiable information (“PII”) and passwords, in particular those that are certified against ISO 27001:2013 and audited under SOC 2 Type II.
So how do you make best use of such a CIAM platform to bring your web presence into compliance with the EU General Data Protection Regulation (GDPR)?
GDPR Art. 12 requires transparency about how PII is processed. Our architecture services set out the principles for building on the security controls of a CIAM platform to protect PII: we survey your IT landscape to reduce the proliferation of PII and to control when, how, why and what data is copied to other systems. This is also the opportunity to remove sensitive data from web servers and back-end systems that do not need it.
GDPR Art. 4§11 defines consent, and Art. 6§1 requires a lawful basis (consent being one of them) for any processing of PII. Behaviour-related data linked to an identifier such as an IP address is personal data, not anonymous data, so collecting it and tying it to a visitor needs a lawful basis; for tracking and profiling that in practice usually means prior consent.
User’s right to access
GDPR Art. 15§1 gives users the right to access the data held about them. Our widget makes this scalable and effortless through the self-service ‘my account’ panels.
User’s right to be forgotten
GDPR Art. 17§1 gives users the right to erasure (the “right to be forgotten”). When a user asks to be forgotten, our widget erases all PII in the account but keeps a minimal record so that you know who must be forgotten and can honour the request across your systems. It also keeps the legal indicators you need to handle potential claims, which Art. 17§3 permits. The miaa PushConnector plug-in pushes the forget-me instruction to the back-end systems that hold copies of the data.
User’s right to object
GDPR Art. 21 gives users the right to object to the processing of their PII, including profiling. Our widget offers the user the option to withdraw a consent, and the miaa PushConnector plug-in pushes that withdrawal to the back-end systems so that they stop the processing as well.
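The two flows above, erasure with a retained record plus legal indicators, and consent withdrawal, both come down to the same pattern: change the account record, then fan an event out to every back-end copy and verify nothing was left behind. The following is an added, self-contained example of that pattern; it is not the widget's or the miaa PushConnector's code. The field sets, the in-memory back-end stores, the sample account and the pepper constant are assumptions made so it runs offline.

```python
"""Tombstone-style erasure and consent-withdrawal fan-out (added example)."""
import hashlib
import hmac
from datetime import datetime, timezone

# Fields treated as PII that must be wiped on a forget-me request (assumed set).
PII_FIELDS = ("email", "name", "phone", "address", "ip_history")
# Indicators retained to defend legal claims (GDPR Art. 17(3)(e)); no PII inside (assumed set).
LEGAL_FIELDS = ("terms_accepted_at", "consent_log", "open_claims")

# Assumption: a secret pepper held in a KMS/HSM in production; a constant here so the example runs offline.
PEPPER = b"example-pepper-replace-in-production"


def suppression_token(user_id: str) -> str:
    """Keyed hash of the user id: lets you recognise 'already forgotten' users
    without keeping the id itself, i.e. the record of who must be forgotten."""
    return hmac.new(PEPPER, user_id.encode(), hashlib.sha256).hexdigest()


def forget_me(account: dict, now: datetime) -> tuple[dict, dict]:
    """Return (tombstone, erase_event). The tombstone keeps only the suppression
    token and the legal indicators; every PII field is dropped, not blanked."""
    tombstone = {
        "suppression_token": suppression_token(account["user_id"]),
        "forgotten_at": now.isoformat(),
        **{k: account[k] for k in LEGAL_FIELDS if k in account},
    }
    # The event still carries user_id so back-ends can locate their copy; it is transient.
    event = {"type": "erase", "user_id": account["user_id"],
             "suppression_token": tombstone["suppression_token"], "issued_at": now.isoformat()}
    return tombstone, event


def withdraw_consent(account: dict, purpose: str, now: datetime) -> tuple[dict, dict]:
    """Append the withdrawal to the consent log and emit an event for the back-ends."""
    entry = {"purpose": purpose, "granted": False, "at": now.isoformat()}
    updated = {**account, "consent_log": list(account.get("consent_log", [])) + [entry]}
    event = {"type": "consent_withdrawn", "user_id": account["user_id"],
             "purpose": purpose, "issued_at": now.isoformat()}
    return updated, event


class BackendStore:
    """Constructed stand-in for a downstream system holding a copy of the profile."""

    def __init__(self, name: str, records: dict):
        self.name = name
        self.records = records  # user_id -> dict

    def apply(self, event: dict) -> bool:
        """Apply an event to the local copy; False means 'no record found' (nothing acknowledged)."""
        rec = self.records.get(event["user_id"])
        if rec is None:
            return False
        if event["type"] == "erase":
            for field in PII_FIELDS:
                rec.pop(field, None)
            rec["suppression_token"] = event["suppression_token"]
        elif event["type"] == "consent_withdrawn":
            rec.setdefault("blocked_purposes", set()).add(event["purpose"])
        return True


def push(event: dict, backends: list) -> list:
    """Fan the event out; return the names of back-ends that did not acknowledge,
    so the operator retries instead of silently leaving a copy behind."""
    return [b.name for b in backends if not b.apply(event)]


def residual_pii(stores: list, user_id: str) -> list:
    """Compliance check after fan-out: (store, field) pairs still holding PII for the user."""
    return [(s.name, f) for s in stores for f in PII_FIELDS if f in s.records.get(user_id, {})]


def demo():
    """Constructed account and back-ends: withdraw profiling consent, then forget the user."""
    now = datetime(2018, 5, 25, tzinfo=timezone.utc)
    account = {
        "user_id": "u-1001", "email": "ann@example.org", "name": "Ann Example",
        "ip_history": ["203.0.113.7"], "terms_accepted_at": "2017-11-02T10:00:00+00:00",
        "consent_log": [{"purpose": "profiling", "granted": True, "at": "2017-11-02T10:00:00+00:00"}],
        "open_claims": [],
    }
    crm = BackendStore("crm", {"u-1001": {"email": "ann@example.org", "name": "Ann Example"}})
    analytics = BackendStore("analytics", {"u-1001": {"ip_history": ["203.0.113.7"]}})
    backends = [crm, analytics]

    account, event = withdraw_consent(account, "profiling", now)
    failed = push(event, backends)
    tombstone, event = forget_me(account, now)
    failed += push(event, backends)
    return tombstone, failed, residual_pii(backends, "u-1001"), backends


if __name__ == "__main__":
    tomb, failed, leftover, _ = demo()
    print("tombstone:", tomb)
    print("unacknowledged back-ends:", failed, "residual PII:", leftover)
```

Two design points matter in practice: the suppression record is a keyed hash rather than the user id or e-mail, so the "who must be forgotten" list is itself free of PII, and the push returns the back-ends that did not acknowledge, because an erasure that silently fails in one copy is the case an audit will find.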
→ Contact us if you are interested in an audit, a quick scan or a workshop.