What is GDPR?

The General Data Protection Regulation (GDPR) is a legal framework formalized in the European Union (EU) in 2016 which came into effect on May 25, 2018. It harmonizes data privacy laws across Europe to protect all data belonging to EU citizens and residents. Organizations that cannot demonstrate GDPR compliance will be subjected to financial penalties up to 4% of their annual turnover, or €20 million (whichever is higher). The GDPR regulation concerns the processing and free movement of personal data belonging to an individual living in the EU. It is based on several well known privacy principles that are already in use as best practices.

Traditionally Identity and Access Management (IAM) is used by organizations to digitally manage identities (such as those of an organization's employees and customers of a business) and access to resources managed by them. With the privacy standard enforced by GDPR, an IAM tool has to broaden its scope by supporting an organization to implement the privacy standard and individual rights. Given this concerns end users, CIAM is able to help support the features that GDPR requires.