[WSO2Con EU 2017] GDPR Impact on Consumer Identity and Access Management (CIAM)

GDPR impact on Consumer Identity and Access Management (CIAM)

Sagara Gunathunga, Director, WSO2

Upload: wso2-inc

Post on 21-Jan-2018



Digital Transformation will decide and shape the destiny of your business

Digital Transformation is no longer a nice to have or a differentiator, it’s about the survival of your business

Is it the Right Time to Think?

A nice to have

A differentiator

For survival

Is it Real? Look Around You!

Is it Real?

• Sales increasingly based on real user reviews and ratings rather than traditional marketing

• Physical stores replaced with digital channels (web stores, mobile apps, IVR solutions)

• Fast consumer response time and convenience means connectivity (e.g. Facebook, Twitter, WhatsApp)

Digitize Delivery Channels

Generic user experiences don’t work; consumers now expect

– A highly personalized experience

– Control over preferences

– Relevance of content

Personalized User Experience

Knowing Your Customer is Key!

Personalized experience

What Does CIAM Offer?

CIAM

Connect with consumers

Consumer data protection

What Does CIAM Offer?

1. Bring Your Own Identity (BYOI)

Minimizes registration fatigue by providing a wide range of options for consumer on-boarding through trusted social identity providers, such as FB, Twitter, Google

[Figure: Bring Your Own Identity (BYOI) sign-up screen]

What Does CIAM Offer?

2. Consumer Authentication

• Social logins eliminate password management complexities from consumer and business side

• Out-of-the-box support for strong authentication options, such as two-factor authentication

• Risk-based adaptive authentication options

[Figure: Social Logins]

[Figure: Two-Factor Authentication, Step 1 and Step 2]

What Does CIAM Offer?

3. Single sign-on (SSO)

• Social logins eliminate password management complexities from consumer and business side

• Out-of-the-box support for strong authentication options, such as 2-factor authentication


What Does CIAM Offer?

4. Progressive profiling

The process of how the system learns about a customer in a progressive manner

• Regulation implemented in the EU that goes into effect in May 2018

• Personal data processing organizations established in the EU, and organizations outside the EU that process personal data from individuals in the EU, need to comply

• Penalties of up to 4% of revenue for violations

GDPR

• Recognizes protection of personal data and control over processing of personal data as a fundamental right of an individual

• Provides processing organizations certainty on personal data processing

• Wider definition for personal data as personally identifiable information (PII)

GDPR

• Consent lifecycle management

– User onboarding based on active consent

– Ability to review given consent and revocation

– Ability to demonstrate proof of consent

– Consent per purpose

– Consent design

GDPR Impact on CIAM

[Figure: Consent Lifecycle Management sign-up screen]

• CIAM solutions should provide a self-care portal for consumers

– Review already given consent

– Revoke given consent

Consent Lifecycle Management

Consent Design

• Consents from a CIAM solution should meet the design considerations mandated by the GDPR

– Informed

– Active opt-in

– Unbundled

– Named

– Easy to withdraw

– Granular

– Considerations for children's consent

GDPR Impact on CIAM

• A CIAM solution should address

– Privacy by design

– Privacy by default

A CIAM solution should facilitate implementation of consumer rights

GDPR Impact on CIAM

The right of transparency and modalities

The right to be informed

The right of access

The right to notification obligation

The right to rectification

Rights in relation to automated decision making and profiling

The right to data portability

The right to object

The right to restrict processing

The right to be forgotten

• A self-care portal is an ideal solution to implement consumer rights

– Review user profiles

– Alteration of user profiles

– Deletion of user profiles

– Keep user profile up-to-date

– Support user profile portability

GDPR Impact on CIAM

• Digital transformation is critical for business survival

• GDPR enhances consumer privacy, poses new challenges for organizations

• A proper CIAM tool can help you win the digital transformation battle in a GDPR compliant manner

Conclusion

wso2.com