12th January 2018

GDPR & midPoint

General Data Protection Regulation (GDPR) is all about the protection of personal data. For vast majority of organizations it would be impossible to handle the GDPR requirements without any support from a good software. Some of them would try to modify the software they already have, but will quickly find out this is a long run and expensive option. As the GDPR is all about proper governance of identity data, deployment of an identity management and governance solution is a reasonable step.

Such solution will help the organization to map the processes, clean up the data, implement proper data processing management or even set up the policies. Identity management and governance solution will also make the work feasible, as this is almost impossible to do manually in a large data sets. However, a good solution will make the effort even efficient. And that’s what midPoint is designed for!

Complying with the GDPR requires a good technology

MidPoint as identity management and governance solution can smoothly cope with the implementation of data protection methods. It can manage the personal data not only of the clients, but also the suppliers, partners or even the employees. MidPoint will help you with accountability, as it is the key in presenting evidence of compliance with the GDPR and it will also provide necessary visibility over identity data to meet other requirements of the regulation.

Identity management systems are excellent record keepers and midPoint is not an exception. By keeping data and meta-data about the operations over the identity data midPoint knows what happened, when and how. But not only that. MidPoint will also provide information what is the reason the identity data are recorded and processed. And that is exactly what the GDPR mandates, as it does not allow processing of personal data without a lawful basis. MidPoint will provide you the records about the lawful bases for data processing. For every single account in every system.

There are many types of lawful basis. Consent is one of them. MidPoint knows the scope the consent was given for. It can easily compute which accounts need to be deprovisioned, which attributes erased and which services disabled. It can take care of processing the consent data quite easily as well as revoking the consent. This is exactly what midPoint was built for.

However, two aspects of the GDPR are often overlooked: right to data rectification and erasure. A good IDM system should be able to process a data subject’s request for correction of the data or their complete erasure. MidPoint is ready to help you to reach the GDPR compliance in these aspects too.


A proper management of personal data is just one of many things that IDM systems such as midPoint do as they have much more to offer. A quality IDM solution speeds up IT processes, enables new services and improve time-to-market. But most importantly, IDM significantly improves organization’s security. It is always a good idea to consider deployment of identity management solution. And GDPR is an excellent opportunity to do so. Get in touch with us and learn more about how midPoint can help you with GDPR!

Contact us