There seems to be a misconception that added security regulations result in more friction, costs and overall burden to the user. However, I don’t believe this to be the case with the European Union’s General Data Protection Regulation (GDPR).
If you don’t already know, GDPR came into effect on May 25, 2018, and will radically change internet privacy law in the EU and affect the way data is collected, stored and used, as well as how data breaches are disclosed to the public, all with the aim of protecting individual user privacy.
GDPR is just another event of digital disruption
Whether we like it or not, digital disruption has taken place and will continue to take place in all aspects of our lives. If organizations plan on investing in secure solutions, they need to look at total cost of ownership (TCO), at how the investment will evolve their business for the future, and at whether it puts them in a position to adapt to laws that are inevitable in the given landscape.
When you consider GDPR as just another event of digital disruption – something that creates a new set of rules you have to adapt to in order to compete – it widens the strategic outcomes you can achieve beyond just complying with a new regulation. After all, regulations like GDPR are designed to be helpful – to serve a greater good – which is something that you can pass on to your users as a better user experience.
While regulations may seem to exist to restrict what we can do, taking them more as a directive for the future needs of users positions your enterprise to be ready for when these events occur. Note that the lead-up to the adoption of GDPR was based upon a demand made by EU citizens. Evidently, privacy is an important aspect of the user experience in the EU.
You don’t have to sacrifice security for user experience
Modern security solutions have evolved beyond a central focus on security and have fully absorbed the user experience into how today’s solutions are innovated. Many of these help secure and streamline the user experience, and have adapted sophisticated methods to remove friction for users. Enterprises that now face the challenge of complying must assess whether or not their current authentication provider is going to be able to give them what they need to do so now, and how they plan on innovating around the shifting dynamics of privacy, security and enablement that are at the core of modern authentication.
Gartner predicts that more than 50% of companies affected by GDPR will not be in full compliance with its requirements.
We can’t always just look at the immediate effect security and regulations will have on our enterprise and users – we have to truly consider what’s ahead to stay competitive in the marketplace. From an authentication standpoint, GDPR will affect how enterprises protect and secure data, based on risk, which includes the threat of an attacker circumventing 2FA or any other security layer in place. Enterprises must also be able to erase data or forget users completely if needed. Data subjects will now be permitted to access and rectify inaccurate personal data.
GDPR may present new challenges. However, by approaching the new regulation as a matter of improving the user experience, enterprises can find a way to not only comply with these new laws but turn that compliance into a better user experience.