GDPR and Identity Management

General Data Protection Regulation: a lot of people are already familiar with it. Many more people will have to get familiar with it quite soon. GDPR may be seen as trouble, and there is definitely a lot of work to be done for GDPR compliance. But, honestly, such regulation was bound to happen sooner or later. So, here it is. The essence of GDPR is the protection of identity data. And any engineer who hasn’t spent the last decade locked up in a basement can easily see where GDPR leads when it comes to technology. Yes, the answer is identity management and governance.

I would love to tell you that all you need is to purchase an IDM system and your GDPR problems are over. Of course, that is not entirely true. But there is a fraction of truth in that claim. For the vast majority of organizations it would be impossible to handle the GDPR requirements without any support from good software. Some companies would be able to handle GDPR requirements by modifying the software that they already have. But many companies will surely discover that this is a slow and expensive path – especially in the long run. Yet identity management and governance software is a very good fit for GDPR requirements. And there is a reason. GDPR is all about proper governance of identity data. And that is exactly what identity management and governance systems are designed to do.

Deployment of an identity governance solution is a necessary condition, but it is not a sufficient one. Identity management and governance systems are great tools, but there is no magic bullet. You will need to use those tools properly. You will need to map the processes, clean up the data, implement proper data processing management, set up the policies and so on. Identity management and governance tools can make that work feasible, as it is almost impossible to do manually on large data sets. A good identity management system will even make that effort efficient. But there is still a lot of work that the data protection, security and business staff must do to make the organization GDPR-compliant.

GDPR and identity management

When it comes to GDPR and identity governance, the advice is quite simple:

  • If you already have an IDM system: good. Extend the IDM solution to support GDPR use cases. If it cannot be extended, it is perhaps the right time to upgrade your deployment to a next-generation solution. Conduct a GDPR compliance feasibility study for your IDM solution as soon as possible.
  • If you do not have an IDM system but you are considering one: you are on the right path, but you have to hurry up. Deployment of an IDM solution takes time. May 2018 is closer than it appears. This is the right time to start an IDM deployment project.
  • If you are not even considering an IDM solution: perhaps this is the time to change your mind. Look around. We are not in the 2000s any more. IDM solutions have evolved, and now there is a second generation of IDM solutions available on the market. These are much more flexible and lightweight products. It is worth having a look.

The advice is simple, but the resulting effort is likely to be quite complex. Therefore, it is high time to get started with GDPR. Whatever path you take, one thing is quite clear: it is almost impossible to handle this without good technology.
