Identity Proofing and GDPR: What Businesses Need to Know Now

Identity Proofing and GDPR:

What Businesses Need to Know Now

On May 25, 2018, the European Union’s long-awaited General Data Protection Regulation took effect. The statute, which EU legislators developed over the course of five years and approved in 2015, transformed the worldwide digital ecosystem in 24 short hours, shifting the balance of power away from the data-focused enterprise and toward the data subject, or user.

The European General Data Protection Board, the regional watchdog responsible for assessing GDPR compliance, has received a flood complaints in the month since the regulation became active. Analysts had expected such an influx of grievances, since a significant number of the organizations subject to the GDPR went into the implementation deadline unprepared. Moreover, businesses are struggling to comply with all of the regulations. As of April 25, 2018, researchers for the SAS Institute had projected that 93 percent of the businesses affected by the regulation were not compliant.

While some of the enterprises likely addressed any issues before the GDPR implementation deadline, it seems a good number are still struggling to put into place sustainable compliant user privacy protections. The GDPR consists of 99 articles, with plenty of roadblocks international companies to navigate around. Those with privacy programs that include user identity verification, an ideal approach to GDPR compliance, are likely to tangle with two of the eight core user rights established in the regulation: the rights to access and erasure, respectively.

Organizations emphasizing user identity verification in their data privacy policies should familiarize themselves with these user rights and adopt proactive strategies for ensuring them.