Controlling access: The key to GDPR compliance
When the GDPR comes into effect on 25 May 2018, it will, amongst other challenging requirements, demand that organisations record, and demonstrate control over, who can access any personally identifiable data that is collected or stored from any individual in the European Union (EU).
Much has been written about the big-stick fines GDPR threatens for failure to comply: up to 20 million euros, or four percent of an organisation’s global annual turnover, whichever is higher. But there is also a carrot. Knowing that, in our digital world, the ability to create trusted customer relationships is a business opportunity and wealth generator, GDPR legislators have created opportunities for businesses to differentiate themselves by achieving GDPR data protection certification marks and seals.
Right now, organisations are at very different points in their journey towards GDPR – seeking to answer hard data accountability questions such as:
- Why are we holding personal data?
- How did we get it?
- Why was it gathered originally?
- How long has it been held?
- How secure is the data in terms of accessibility and encryption?
- Do we share this data with third parties?
Answering the last two questions requires a robust approach to limiting access to personal data and a clear audit trail of when it was accessed and by whom. This is just one step towards compliance with the GDPR’s accountability principle, which requires organisations to demonstrate and document fine-grained compliance with data protection principles whilst doing business – wherever your users are working and whatever devices they use.
Ilex International’s Adaptive Authentication works across all devices, and gives administrators the ability to set and manage granular controls around access variables, such as user privileges, geographical location, type of browser, time of day or authentication type.