Enabling GDPR compliance

Some CIAM platforms offer high protection of Personally Identifiable Information (“PII”) and passwords, namely those that are certified against ISO 27001:2013 and SOC2 Type II standards.

So, how do you make the best use of the CIAM platform to bring your web presence into compliance with the EU General Data Protection Regulation?

provide transparency

GDPR Art. 12 requires transparency about how PII is processed. Our architecture services set the principles to build on the superior security of a CIAM platform to protect PII. We diagnose your IT landscape to reduce the proliferation of PII and to control when, how, why and what data is copied to other systems. As such, they offer the opportunity to weed out sensitive data from your web servers and back-end systems.

obtain consent

GDPR Art. 4§11 and 6§1 forbid the processing of PII without consent. This means that collecting behaviour-related data and connecting it to an anonymous user (for example the IP address) is no longer allowed.

Our widget reduces the threshold for registering users. Moreover, it enables obtaining fresh consent from the user: in combination with the miaa PolicyChecker, it actively obtains user acceptance of the most recent version of your privacy policy.

user’s right to access

GDPR Art. 15§1 requires that users be able to view the data that is collected about them. Our widget makes this scalable and effortless thanks to the self-service ‘my account’ panels.

user’s right to be forgotten

GDPR Art. 17§1 requires that users can ask to be forgotten. When the user asks to be forgotten, our widget erases all PII in the account. However, it keeps certain data for you to remember who must be forgotten. Additionally, it keeps all legal indicators for you to handle potential claims. The miaa PushConnector plug-in ensures that the forget-me instruction is pushed to the back-end systems.

user’s right to object

GDPR Art. 21 requires that users can ask that their PII not be used for profiling. Our widget offers the option to withdraw consent, and the miaa PushConnector plug-in pushes such a withdrawal to the back-end systems.

→ Contact us if you are interested in an audit, a quick scan or a workshop.