5 Things You Need to Know to Become a GDPR Authentication Hero


Take a deep breath. Okay, now process this: we are a mere 365 days from the General Data Protection Regulation becoming enforceable. That’s right, on 25 May 2018 the GDPR becomes applicable across the EU, with far-ranging consequences for your authentication and identity strategy.

If 365 days sounds like plenty of time to get your act together, seek out, test and implement the technology that will align your organisation with the new regulation, then you have either never run a compliance regime or are not familiar with how modern IT projects actually run.

It can be done for sure, but you need to get started today. The first step is familiarizing yourself with these five key points about GDPR and your identities:

Identities Become Your Responsibility

With the GDPR, even more than under the Data Protection Directive 95/46/EC that it replaces, the identity requirements for your organisation are greatly expanded. Weak, static and easily compromised credentials will be heavily scrutinised by supervisory authorities wherever they still exist.

The burden of securing personal data, detecting a breach and reporting it goes up dramatically: Article 33 requires notification of a personal data breach to the supervisory authority within 72 hours of becoming aware of it. You need to focus on understanding where sensitive information exists and who has access to it, then secure the access path between your users and that data with strong authentication.

You Must Go Beyond Passwords

In some cases, way beyond passwords. If you’re reading this as a mandate to implement two-factor authentication (2FA) everywhere, then you’re not quite getting it.

Whilst the GDPR does not mandate two-factor or multi-factor authentication per se, Article 32 does require "appropriate technical and organisational measures" that take into account the state of the art and the risk to individuals. Leave simple, static passwords in front of personal data, suffer a breach, and you will have a hard time arguing that your measures met that bar.

Smart organisations are looking to use the technology-refresh opportunity to get rid of passwords completely. As you plan your GDPR approach, look to eliminate passwords and move instead to more contextual, behavioral and risk-based solutions that deliver more convenient and secure options for your users.

It Doesn’t Matter Where You are Located in the World

Any organisation processing the personal data of people in the European Union needs to be in compliance with the GDPR on 25 May 2018, regardless of where that organisation is established.

That means if your organisation is not located in the EU but you offer goods or services to people in the EU, monitor their behaviour, or process their personal data in an EU data centre, you need to be in compliance with the new law. Whether the data physically sits in the EU is not the deciding factor; whose data it is, and what you do with it, is.

This is a wake-up call to companies in the United States, Canada, Singapore, Japan, China, India and more who don’t think GDPR applies. You had better check your data flows. My guess is that more than a few companies are going to have a rude wake-up call next year.

The Fines are Steep…

The GDPR gets the most attention for its eye-opening fine regime. Fail to comply with the law’s many requirements, and for the most serious infringements you can expect a fine of up to the greater of 4 percent of your total worldwide annual turnover or €20 million.

…and They Will be Enforced

Early indications are that EU regulators are looking to the enforcement clauses of the GDPR to use as a cudgel, perhaps to make an early example of a few non-complying companies.

Who knows if this is true but in any event, who wants to be the first organisation to suffer the reputational damage of non-compliance and have to explain that to the board?

Getting started today is essential. Whilst the GDPR has created a lot of confusion and uncertainty, one thing is clear: start by understanding where your sensitive data exists and determining who has access to it. Then use this opportunity to refresh your technology and eliminate passwords.

Move to a next-generation authentication solution that will serve you well for this and other compliance regimes. Doing so will not make you immune from fines, but it removes one of the weakest links a regulator will look at first, and it will make you an authentication hero for your organisation.

Learn more about how Crossmatch can help with GDPR compliance.

Marcin Majchrzak is the Regional Sales Manager for Europe at Crossmatch Technologies, focusing on their Composite Authentication technology. He has over 10 years of experience in the technology industry, working both for industry-leading giants such as Intel, where he was responsible for some of their key customers, and for agile, fast-growing technology start-ups such as Avecto, where he was part of the team helping Fortune 500 customers reach a secure state of “least privilege” by implementing their award-winning privileged access management solutions. Marcin has a B.A. from the University of Lodz and is fluent in English, German and Polish.