General Data
Protection Regulation
  • Assess the Business Impact
  • Be prepared
  • Accelerate Business Growth

Impact of GDPR and other privacy laws

Centered on user consent, GDPR is a law that a lot of other countries emulated given the importance of user privacy. Brazil’s Lei Geral de Proteção de Dados (LGPD) and the California Consumer Privacy Act (CCPA) are such examples.

Some of the compliance challenges included the knowledge gap in implementation and complex nature of the regulation. Some businesses had to terminate operations simply due to the nature of their business i.e. data collection. The hefty fines (€20,000,000 or 4% of total annual global turnover) was of major concern and the compliance speed varied from industry to industry (finance and banking heading the way) and geographically.

Surely dealing with data isn’t easy. But ensuring your customer’s privacy ensures benefits in the long run.

Look beyond compliance, leverage the benefits

GDPR and similar privacy laws such as CCPA or LGDP may appear to be a challenge, but there’s potential opportunity for a new level of business growth because it prioritizes user consent. And those who adopt early, which is now, can leverage the benefits.

Benefits to people living in the specific region

  • Personal data belongs solely to the individuals
  • Well-defined boundaries for privacy
  • Ability to engage with businesses in a trustworthy and transparent manner

Benefits to your business

  • Be certain about the integrity of the data you process (i.e. no false leads)
  • Build brand loyalty with customers that now trust your company even more
  • Target the right customers with the right material to enhance your customer experience

Learn about other privacy laws


Deals with residents in California. Businesses that engage with residents in California must comply with CCPA by January 1, 2020.

Watch our webinar to learn more
Beyond compliance video by Paul Freemantle
play button

Why WSO2?

You need to select the right technology that allows you to not only accelerate compliance but also take advantage of the regulation to rapidly grow your business. WSO2’s cloud native, open source platform facilitates the agility and innovation required to keep pace with rapidly evolving markets and regulations. What’s more, all the products are now fully GDPR compliant!

GDPR for different industries

How does WSO2 help?

The complete WSO2 Integration Agile Platform is GDPR compliant. And each component of the platform can be used to build GDPR solutions for your enterprise. WSO2 Identity and Access Management (IAM) along with secure WSO2 API Management help to address the new requirements of GDPR, such as customer data privacy, a self-care portal to enable customer rights defined in the GDPR and full-scale consent lifecycle management. The WSO2 IAM solution also offers the ability to adhere to the right to be forgotten with the WSO2 Privacy Toolkit.

Consent management

The processing organization should able to demonstrate proof of consent and allow individuals to review previously given consents and withdraw it if necessary.

Consent management with WSO2 Identity Server

  • A comprehensive RESTful API which supports Kantara consent management specification. With the use of this API, you can enable consent management for any application while avoiding vendor lock.
  • Self care portal to manage user’s consents, where users can go back to their consent declarations at any time for review, validation, revocation, or other changes.
  • User consent for
    • Self sign up to provide consent when a user self registers
    • Single sign-on/federation to provide users with choice and control over sharing their personal data
    • OpenID Connect which integrates user consent management into OIDC authorization code and implicit flow
    • Consent purposes management in administrative portal to provide an interactive UI to manage consent purposes/PII categories
  • Personal information export capability so end users can retrieve personal information stored in WSO2 Identity Server.

Privacy by design and privacy by default

GDPR states that the processing organization should adopt internal policies and implement measures that meet, in particular, the principles of data protection by design and data protection by default. A data protection impact assessment will help you achieve this by ensuring that all personal data collection, processing, storage and destruction measures are designed to secure privacy.

GDPR elements - Privacy by design and privacy by default

The right to be forgotten

The “right to be forgotten” is a user right outlined in GDPR, which gives individuals the right to request the organization to erase their personal data with immediate effect. Erasing all record of this individual’s activity may impact your business processes, so the best way to comply is to only remove data that can identify the individual.

The privacy tool kit

WSO2 provides a Privacy Toolkit, which helps you easily anonymizing records related to a deleted user to fully comply with the right to be forgotten rule. Learn more here.

What's your GDPR query?

Yes, I would like to receive emails from WSO2 to stay up to date on new releases and updates.