GDPR, Consent, Relationships

  • TYPE: Expert Talk DATE: Thursday, May 11, 2017 TIME: 12:00-13:00 LOCATION: WINTER GARDEN
Cyber Security Experts Stage


Companies that manage consumer identities and personal profiles have a bit more than one year left to comply with the new European General Data Protection Regulation (EU-GDPR).  

A core requirement coming up with GDPR is that parties processing personally identifiable information need to ask the user for his/her consent to do so and let the user revoke that consent any time. Keeping an audit able trail of consent and revocation during the whole customer identity life cycle is a significant requirement not covered by traditional Identity & Access Management (IAM) solutions. 

In this talk, we will have a look at what makes the difference between employee focused IAM and Customer focused IAM (CIAM) and what a CIAM solution needs to provide in order to help your organization mastering the GDPR (and PSD2) challenges. Some of the key takeaways will be:

  • GDPR & PSD2 requirements for consent life cycle management
  • Proposals on where and how to implement this capability
  • How to take advantage of the UMA (User Managed Access) Standard defined by Kantara Initiative
  • How to turn GDPR requirements into a business advantage


Corné van Rooij is VP Product Management at iWelcome. He is also responsible for iWelcome’s Strategic Alliances. He has been working in the Security market for more than 20 years of which the last 15 years at two well know Identity and Access Management vendors. He is passionate...

Whether we deal with consumer, partner or employees within Identity Management: It all comes down to the relations the digital identity has. Most current IDM solutions are still driven by attributes and roles: If a matching role or attribute is assigned, access is granted (or a specific process is triggered). This works fine with a reasonable number of attributes and roles, but will fail in a mesh of connections to smart devices, things or other entities related whose might need to be enabled to act on behalf of the digital identity.

Attribute or role-based management of identities is like cinema in 2D: it lacks depth (and profundity). A more complete picture is available as soon as we embrace all the related and connected entities (people, jobs, roles, departments, timezone, things, current context), maybe even in a transitional manner.

A relationship can carry much more information than an attribute or a role, and combined with a semantic definition of the entities we would be able to build a truly 'smart' system, which can handle 'Things' rather than 'Strings'.

The case study
Our case study will describe an early IDM system driven by relations, which was already implemented 2008 at a large customer side. During the current re-design phase we are evaluating new processes, paradigm and technologies to build a smarter IDM.

Key Takeaways:

  • Benefits of using relationship handling on IAM/IAG
  • How to benefit from semantic approaches within IAM/IAG
  • Relationships between Semantics / Ontologies and the shift to artificial inteligence


Thorsten has more than 20 years’ experience within the field of Directory Technologies, Identity Management and Data Privacy. As a technical trainer, consultant and developer he co-developed one of the first Identity Management Solutions which was fully driven by Entity-Relationship...

Data, People and Software security: how does them relate to the GDPR security principles? Our easy-to-use solutions provide transparent controls that can assist for implementing many of the security principles mandated by the GDPR. Security Operations Centers (SOCs) are feeling stretched as modern cyber-attacks are becoming more frequent, latent, and hidden. In this new attack landscape, network-centric security is no longer enough because threats come from inside and outside the network. Oracle Identity SOC is an identity-centric, context-aware intelligence and automation framework for security operations centers, backed by advanced user behavior analytics and machine learning to spot compelling events that require automated remediation.


Watch the video:  
Log in to download presentations:  


Session Links

Luca Martelli - The Enablement of an Identity-Centric SOC in the Regulatory Rumba Era

Munich, Germany


European Identity & Cloud Conference 2017

Registration fee:
€1980.00 $2475.00 S$3168.00 21780.00 kr
Mastercard Visa American Express PayPal INVOICE
Contact person:

Mr. Levent Kara
+49 211 23707710
  • May 09 - 12, 2017 Munich, Germany