CIAM & GDPR Practice Day

  • TYPE: Workshop
  • DATE: Friday, May 18, 2018
  • TIME: 09:00-12:30
  • LOCATION: AMMERSEE I
Friday Workshops


IAM is a cornerstone of GDPR implementations, but neither GDPR nor IAM implementations are easy, and together they are even more complex. To reap the benefits, you need to overlay two projects: building your IAM and creating your compliance program. These projects are very different in nature and are owned by very different people (legal and security), who may lack a common language from the very beginning.

In a successful cross-professional GDPR+IAM project, you need to understand how law and technology interplay in your organisation. In general, GDPR compliance has a nexus of touchpoints with IAM, but it needs to be supported by appropriate processes and documentation to be considered a GDPR compliance measure by lawyers. Statutory security is not an easy read in the GDPR. Many of the documentation and process requirements contain essentially the same information as conventional access management, log, and information security policies, but now with more content from GDPR, and aligned from a data privacy perspective.

Data protection requirements are more prominent in CIAM implementations in the consumer market because, in addition to identity and access, they serve the core of the GDPR, i.e. efficiently managing personal data in a manner that overlaps with data subject rights. In essence, CIAM implementation and architecture may give companies great advantages in satisfying novel functional requirements of the GDPR, such as data portability.

Key Takeaways:

  • Overview of cross-professional work in IAM implementations from a GDPR standpoint
  • Understand the documentation and processes implied by GDPR in an identity and access management context
  • What GDPR considerations to keep in mind in CIAM implementations



Background: John Tolbert is a Lead Analyst and Managing Director of KuppingerCole, Inc (US). As Lead Analyst, John covers a number of different research areas, outlined below. John also advises cybersecurity and IAM vendors, from startups to Fortune 500 companies, regarding their product and...

Over the last couple of years, consent management has become one of the key functions of a modern CIAM system. This is partly due to GDPR, but also due to the simple fact that consumers increasingly understand the value of their private information: if consumers cannot understand the purposes for which the information is used, they will simply not provide it.

The market-leading CIAM systems provide strong consent management out of the box, but many older installations have only basic functionality that will meet neither GDPR nor the expectations of today's consumers. One solution is of course to upgrade to a modern solution, but that may not be feasible for a number of different reasons.

The session discusses different options for retrofitting modern consent management into an existing CIAM solution, including lessons learned and pitfall warnings.

Key Takeaways:

  • What consent management features do you need to meet GDPR?
  • What consent management features do you need to delight your customers?
  • How do you implement the critical features in an existing CIAM solution?


Martin Sandren is a CISSP and SABSA certified security professional with over fifteen years of experience in various information security related roles. Primarily focused on security architecture and identity and access management including large scale (20+ million users) customer IAM and...

European Identity & Cloud Conference 2018
  • May 15 - 18, 2018 Munich, Germany