Open AccessImpact of GDPR on Identity and Access Management
Author(s) -
Andrew Hindle
Publication year - 2020
Language(s) - English
DOI - 10.55621/idpro.24
Subject(s) - general data protection regulation , identity management , data protection act 1998 , legislation , identity (music) , business , compliance (psychology) , internet privacy , consumer protection , process (computing) , focus (optics) , access management , information privacy , computer security , public relations , access control , law and economics , political science , computer science , law , economics , psychology , social psychology , physics , optics , acoustics , operating system , computer network
This article examines the implications of the General Data Protection Regulation (“GDPR”, “Regulation”) on Identity and Access Management (“IAM”) process and system design. It introduces organisational and technical good practices that may help ensure demonstrable compliance with the Regulation as well as improve user experience and customer trust.Although the focus here is on the GDPR, the approaches described may, by extension, also help in complying with data protection legislation in other geographies including (for example) the California Consumer Privacy Act (“CCPA”), or the Brazilian General Data Protection Law (“LGPD”).