FIDO – Passwordless Authentication with Privacy Priority
Data protection – a term that preoccupied consumers and companies alike long before the introduction of the General Data Protection Regulation (GDPR). For many people, the safety of their personal data is a sensitive issue. In a study we conducted for our Nevis Security Barometer, 95 per cent of respondents indicated that they are concerned about the security of their private data on the internet. The number one reason cited is the fear of their data being passed to third parties. That means that companies seeking to gain and retain the loyalty of their customers must ensure that they handle data in a trustworthy manner. A tool for consent and privacy management helps them keep track of which data they have gathered and with whom they share it. What’s more, it helps prevent infringements of the GDPR – which can be expensive.
Since 25 May 2018, the General Data Protection Regulation (GDPR) has controlled how public and private bodies throughout the EU can process personal data. According to this regulation, providers must first obtain the consent of website visitors before they can process their data for purposes such as using cookies. This must also be properly documented and administered. Likewise, users must be informed about which data is collected and for what purpose. The retention and storage of data in accordance with local directives must be guaranteed. Last but not least, appropriate measures must be taken to protect user data.
No risk of fines or reputational damage
The requirements of the GDPR apply regardless of how big or in which industry a provider operates. Consequently, no company can afford not to take the issue of data protection seriously. After all, data protection infringements can entail substantial fines. In the first year alone following the introduction of the GDPR, fines of half a million euros were imposed in Germany. Since the end of May 2021, the data protection authorities in the EU and the United Kingdom have demanded penalty payments totalling some 260 million euros. Note that this amount only covers the 570 cases that the responsible authorities have shared with the public so far.
However, companies that deservedly attract the attention of the data protection authorities not only run the risk of incurring costly fines but also of damaging their reputation. Anyone who wants to be sure that they meet all statutory requirements when handling personal data would be well advised to use a ready-made consent and privacy management solution.
How can consent and privacy management help?
Companies can easily integrate consent and privacy management tools into their IT infrastructure as part of their customer identity and access management solutions. They can then see for which data users have given which consent – and then know what data they are permitted to collect and whom they are permitted to share it with. Likewise, these tools allow companies to track in real-time which users have withdrawn consents. For this purpose, an audit trail is created for each user.
One element that meets customers’ expectations in terms of a good customer experience is their control over their personal data and their consent. They can also simply withdraw these at any time. All of this is made possible by opt-in and opt-out procedures.
At the same time, consent and privacy management can track users' opt-in and opt-out instructions across all the provider’s different platforms and applications. This means that if the user gives consent during a visit via a smartphone but not on a computer, the system records this. Additional tools, such as CRM solutions, can also be linked in the same way so they are automatically updated to reflect the current opt-in and opt-out instructions.
Note that the GDPR requires the opt-in to be based on “clear affirmative action”. In other words, a user’s silence cannot be construed as consent.
Transparency as defined by the GDPR
As we have seen, users’ communication preferences and their consent to legally binding agreements can be administered and processed with the help of consent and privacy management. It streamlines all the associated processes and guarantees absolute transparency when it comes to collecting, storing, deleting and anonymising personal data. It also gives companies an overview of which data can be forwarded to other organisations in which scenarios. In this way, a consent and privacy management tool ensures compliance with statutory regulations.
Component of customer identity and access management
Consent and privacy management is a fixed element of the customer identity infrastructure in customer identity and access management solutions (CIAM) such as that offered by the Nevis Identity Suite. This solution deploys additional functions to protect user data, such as multi-factor authentication (MFA), single sign-on (SSO), etc. With MFA, a login requires a combination of several identification factors. These could be a password and the device IP or a biometric factor of the type provided by iris or fingerprint scans. The more factors that are used, the better the user data is protected against unauthorised access.
If the CIAM supports SSO, users can log in with the same login data they use to authenticate themselves on their social media accounts. This spares them the laborious task of setting up a new online account.
In summary, we can say that a CIAM with consent and privacy management tool is a valuable aid to companies in meeting the wishes of consumers regarding data protection as well as the protection of their data in general.
