What is GDPR?
The European Union’s General Data Protection Regulation (GDPR) is designed to enhance EU citizens’ control over the data companies hold about them.
While the goal is simple, achieving compliance isn’t easy for most enterprises. It requires a comprehensive review of who has access to what data and where regulated data resides, along with the ability to conduct required security audits and implement continuous controls.
Who does GDPR affect?
While the regulation applies only to EU citizen data, all companies worldwide that operate in the EU, or have websites that can be found in the EU, must comply with these regulations, truly creating a global impact.
This regulation requires material changes in how and where organizations store customer data, and more importantly, how they grant access to that data to employees, contractors and business partners.
How can SailPoint help you comply with GDPR?
Our open cloud identity governance platform makes it easy for you to stay compliant by seeing and controlling access to all your apps and data for every user, including bots.
Implementing an IAM strategy for GDPR
Effective identity and access management (IAM) helps protect systems, helps signal when systems may be under attack, and lets organizations see who can access which resources and how those resources are being used.
The problem for many organizations is that their identity management capabilities aren’t yet at an effective level.
Many still don’t have their identity programs where they need to be, let alone where they’d like them to be. They don’t know where their most valuable information resides, and many of the processes around adding, managing, and removing users are manual.
This is certainly not good under any circumstances today, but especially bad when it comes to attaining GDPR compliance.
The first step for any organization is to understand who its users are, what those users should have access to for their jobs, as well as where sensitive and regulated data resides.
For GDPR, this means EU citizens’ PII, or personally identifiable information. There’s no way to build an effective identity management program without being able to assign data to its owners and control who can have access to that data.
That requires that the provisioning and de-provisioning of access happen as a normal course of business, with automation ensuring that capabilities such as self-service access requests and automated access certification occur as they should.
Perhaps most importantly, beyond GDPR compliance, all of this enhanced data and user-access information will better inform security-monitoring tools, such as security information and event management (SIEM) systems, so security teams can make better decisions.
Those that take the opportunity to build a better identity management program will certainly be better off in the long run. In fact, much of what we are discussing now are capabilities enterprises should have put into place years ago.
What if your organization doesn’t comply?
Financial penalties for data breaches involving EU citizens’ PII can run up to four percent of an organization’s global annual revenue or €20 million, whichever is higher. That means gaps in GDPR coverage and security breaches can have critical consequences for an organization’s bottom line.
Make sure you’re compliant with GDPR.
Learn how SailPoint can help.