Explore   >   IBM PartnerWorld
 |  |  |  |  | 
by Transposh - translation plugin for wordpress

A translation widget is provided for your convenience to facilitate translation of the English language version of this blog into several languages. If you choose to utilize this automated translation facility, please understand there may be deviations between the automated translation and the original English version. IBM is not responsible for any such automated translation deviations and offers the translated version "AS IS" without warranties of any kind.

EUROPE Partner Experience SECURITY Worldwide

Helping Business Partners navigate The General Data Protection Regulation (GDPR) in the EU

The General Data Protection Regulation (GDPR) imposes several elevated EU citizen rights and obligations on personal data in all establishments. As channel sales leader for Worldwide Information Integration and Governance at IBM, I have the pleasure to work with our Business Partners to address some of these challenges. Their innovative solutions accelerate time to market for our clients as they race to make the GDPR deadline. Ævatar.coop, a Paris-based Social Benefit Corporation, is one of our key Business Partners providing a very unique solution in this complex regulatory environment.

It is a known fact: Data privacy management impacts internet users’ behaviors. Recent polls and surveys demonstrate how much people—whether they are employees, consumers or citizens—care about the protection of their personal data. In France, a survey conducted last month revealed that 83 percent of French citizens are very much “concerned” about data privacy. 62 percent estimate they are less protected than 10 years ago.

In this context, next year’s GDPR, especially when looking at its “privacy by-design” requirements, looks like an obvious call-to-action for strengthening the confidence people and organizations have in their data processors, in both the private and public sectors. This said, complying with GDPR requirements will, by itself, probably not provide first-to-market organizations with a competitive advantage—especially knowing how stringent and painful it is to enforce (privacy by-design-centric) multifactor authentication (MFA) as the new way to process identity and access management to personal data.

Addressing the new Identity and Access Management (IAM) challenge

To address this new Identity and Access Management (IAM) challenge, and successfully comply with GDPR requirements, large-scale organizations that process wide volumes of personal data may want to benefit from breakthrough solutions like Ævatar’s. Interoperating with leading industry personal data processing environments and leveraging IBM solutions for data discovery and classification such as Information Analyzer and StoredIQ, the Ævatar solution suite seems to be, as of now, unique in that it combines IAM client and server components that are “by-design” GDPR-compliant.

What is “MyÆvatar”?

At the client/user level, a mobile IDwallet app called “MyÆvatar” empowers individuals to enroll, as a self-service, a variety of public or private credentials. These credentials include, among others, state-owned IDs, a driver’s license, one or more banking cards or a corporate badge for secure physical access, as well as a selfie or other bio-based identifiers used for match-on-card (MoC) identification and MFA-enabled remote access sessions. Following user enrollment, ID credentials are securely provisioned by their owners to GDPR enforcement authorities—that is, registered trusted third parties (TTPs). After receiving the IDs, the TTP will cross-check ID credentials and return them to the ID owners with a certified, GDPR-compliant, official endorsement of their self-sovereign ID, also known as their “ævatar.”

At the server and security layer, the Ævatar solution includes an API that interoperates with market-standard IAM and privacy data management back-end environments, including IBM Identity Governance Intelligence solutions. At stake is to streamline the process—in the most convenient, cost-efficient and confident manner—for future users requesting access to their personal data. The API interoperates with organizations’ back-end, GDPR-compliant data privacy management capabilities. These capabilities will include, among others, strong user authentication, user consent, data portability, right to be forgotten and so on, along with the need for secure provisioning and hosting of SaaS-managed, end-user personal data storage capabilities.

As a result, Ævatar’s solution offers unique benefits. Provisioned to end users in a push-or-pull manner, the Ævatar IDwallet securely links end-users’ ID credentials in a chain, which is required for next-generation, MFA-empowered “privacy by-design” systems, applications and services. “Looking forward, ævatars may smoothly replace both our legacy passwords or MFA tokens used today for remote access to eCorp, eBanking or eGov resources,” says David Robert, co-founder and CEO of Ævatar.coop. The truth of the matter is that, beyond its “by-design” GDPR compliance, Ævatar offers a low TCO per “ævatar” (some may call it a “GDPR userID”) enrollment, something to be thoroughly assessed when organizations select solutions that must scale with very large GDPR user populations.

GDPR, as we all know, is a very complex set of regulations. Leveraging solutions like Ævatar’s (@MyAEvatar) will allow our clients to adopt faster, and in a more automated way, a set of capabilities required to become a GDPR-compliant organization. You can let me know what you think by using the comments feature below.

Goele Coelst
Worldwide Business Partner Sales Leader
Information Integration and Governance

Special thanks to Frederic Engel, GDPR consultant and innovative solutions strategist for Ævatar, who helped co-author this blog.

Goele Coelst is part of the Worldwide Business Partner Sales and Ecosystem team at IBM and is responsible for Information Integration and Governance solutions. Goele joined IBM in 2015 and has over 20 years of experience in the technology and solutions industry. She has spent most of her career developing strategies that enable sales teams to sell value to clients in various industries. Prior to joining IBM, she worked at Oracle in various positions across Europe and the US, and worked for other marquee companies such as Infosys and Bloomberg in the information governance space.

Related Articles


Your email address will not be published. Required fields are marked *

Name *

Email *