Organisations Say It’s “Impossible” to Reach GDPR Compliance Without CIAM


Organisations Say It’s “Impossible” to Reach GDPR Compliance Without CIAM

I know what your first reaction is: “Hold on a minute dear marketer…”. And I am a marketer. That’s why we needed to find out about a few things on how our customers and partners see the current situation. We made a survey with 5 simple statements:

“Strong customer authentication will grow in importance”

“(C)IAM-solutions enable / have enabled cost savings in customer service with self-service workflows”

“An (C)IAM-solution can improve customer experience”

“GDPR will improve customers’ trust towards online services”

“It will be impossible to reach GDPR compliance without a centralised identity management solution (one customer identity to all services and channels)”

Yes – we used the word “impossible”. It’s a strong word, especially considering that the GDPR is not about technology. It can help, sure, but it’s not a silver bullet. I suspect the % number would be considerably higher for the last statement if we’d used a statement like “It will be difficult to reach GDPR…”.

Why state that it’s impossible?

When considering the GDPR requirements and online services, we must consider one of the most basic features of Customer Identity and Access Management. The ability to use one identity across all services and channels.

Organisations that have multiple business lines, several online services, both business and consumer customers will be in the very deep end of the pool without a centralised identity and access management solution come May 2018. A consumer customer could have his data spread out to multiple business line services, and could have a business identity as well. Complying to some of the GDPR requirements if these are separated silos, could prove to be very challenging. “What data you have on me?”, “Can I transfer my data?”, “Could you please delete my information?” etc. The fundamental idea of a CIAM system is to reduce the number of identity silos towards a single management platform where identity data (all of it) can be reviewed, modified, deleted etc. Organisations that have already made this a reality will be ready to answer these data subject requests.

We have customers who have walked this path. They’ve implemented a CIAM solution and have started to integrate the identity information from these separate silos into a single solution, gradually removing the separate and isolated identity repositories (and reducing cost by eliminating the need for unnecessary maintenance of these separate islands). A prime example is the European Identity and Cloud Award winning solution for the telecom operator DNA. A DNA customer has a single identity to all their services, both consumer and business. Download the case study here.

If you have an organisation with a single or very few online services and not too many customers, the role of CIAM is not that highlighted. For organisations with multiple services spanning across business lines and customer profiles, CIAM can not only ease the path towards GDPR compliance, but bring other benefits, i.e. improving customer experience and reducing cost.

But don’t trust my word. Download the survey to read how online service providers and system integrators answered to these claims. You might be surprised how the participants answered the other questions. It might even help you sell the idea of a CIAM system internally in your own organisation. And if you do feel the need for CIAM, contact us now and let’s see how we can help.

You can check out the press release about the survey here.