There are only a few more weeks until the General Data Protection Regulation (GDPR) is fully enforceable. Are you ready? We started making Passport GDPR compliant as soon as the regulation was adopted, although to be honest, there wasn’t a lot we needed to do. We fully agree with these regulations and feel they provide effective guidelines that any application should follow with their users’ personal data. If you haven’t kept on top of the GDPR news, read here about the basic data privacy concepts you should be aware of. Our developers have been working with these concepts for years now, so we’re looking forward to the upcoming deadline.
Why Is Passport GDPR Compliant?
It’s simple. We understand that Customer Identity and Access Management (CIAM) is a necessary component, but it’s not the core value of your application. It’s much like the front door to a brick and mortar store. It doesn’t make money, but if it’s weak and insecure it increases your risk of losing everything you’ve built. You don’t build the locks for your front door, so why ask your team to focus on user management? Passport is designed to allow your team to focus on developing your application’s core value proposition, not a user access management system.
We developed Passport from the beginning with strict security in mind. Our identity and access experts deal with user CIAM every day so we understand the complexities and subtleties that modern user management demands. We are focused on staying ahead of current best practices so we can provide the most secure and flexible solution on the market. We even build in additional flexibility that allows Passport to increase its strength as threats become more sophisticated.
Here are a few of the features that keep Passport GDPR compliant:
Data protection: When Inversoft hosts Passport for our customers, it is always protected by strict server security, firewalls, and encryption.
Data isolation: Passport is single-tenant. This provides two main benefits. First, it means that your user data is not commingled with other companies. Second, we can host Passport anywhere on nearly any server. This allows us to isolate your user data in a specific country if requested.
Data retrieval: Passport provides an easy API to collect any data it contains for a user. This includes any custom data you might have provided to Passport.
Data deletion: In addition to retrieving user data, Passport provides an API to quickly delete all user data, including behavior data such as IP addresses and login timestamps.
User data abstractions: Passport provides the ability to pseudonymize user data through the use of opaque tokens and complex user ids. Without access to the Passport database, these ids would be impossible to determine who the user is.
Password constraints: Passport provides a complete set of password constraints that comply with the latest NIST regulations. Additionally, Passport provides a method of configuring the password hashing algorithm including a method of upgrading the algorithm used when users log in.
Breach notification: Inversoft has a strict breach notification policy that allows any company to quickly notify users and comply with the GDPR. We make every effort to notify our customers of any breach (or even a suspected breach) within 24 hours.
—– Special Event —–
Learn how the GDPR Impacts US Companies
If your company is starting to investigate how the GDPR impacts US companies join us in Denver May 23 as software experts from Inversoft, SendGrid, and SpotX explain the concepts of the GDPR and what it will mean to developers and product managers in the US. Our speakers for the evening are:
We will cover:
- What is the GDPR and who does it apply to?
- How the GDPR impacts US companies?
- What data is covered and what are the risks of violations?
- Coordinating with third-party data partners
- Panel discussion and open questions
Sign up here to keep your team ahead of data control and management trends. We will provide drinks, food, and networking with Denver’s software community, so bring your team to learn and connect with area experts.