BioLink IDenium helps you comply with the GDPR

Is your organization based in the European Union? Does it service customers in the EU in any way?

If you answered yes to either of these questions, your organization must comply with the General Data Protection Regulation (GDPR) from May 25, 2018. The GDPR is all about the personal data of employees, customers, and prospects that companies hold. Ignoring this mandate can have major consequences: €20 million or 4 percent of your global turnover in penalties, to be exact.

Ensure data integrity and security

While complying with this regulation is important, what's more important is protecting customers' personal data. In this digital day and age, data protection is essential and that's exactly what the GDPR aims to achieve. Businesses need to respect the need for data security and institute measures to protect customer data in the long run.

Complying with the GDPR—the BioLink IDenium way

If you use Active Directory (AD) to grant access to personal data in your network, use IDenium Logon to comply with the GDPR.*

It offers a complete audit trail through its functionality and allows you to:

·       View and manage personal data.

·       Get full information about what BioLink IDenium stores and delete (clear) it with one button click.

·       Let system administrators manage users' personal data with ADUC.

What data is stored, used and changed with BioLink IDenium

When adding a new fingerprint template, we take its image and convert it into a template (a certain digital code) using our unique mathematical algorithms, after which the image is deleted (this whole conversion process takes place almost instantly).

We store the digital code of the fingerprint in the Active Directory. This is the only data for which the IDenium product is responsible.

Additionally, it is possible to use passwords in user attributes and scripts.

Example for template location in AD:

Attribute: BioLinkIDeniumAttributeTemplate
Object: CN=Administrator,CN=Users,DC=demo,DC=local
Syntax: OctetString
Schema: CN=BioLink-IDenium-Attribute-Template,CN=Schema,CN=Configuration,DC=demo,DC=local
Value: 4 0 0 0 239 237 73 253 49 64 5 193 122 169 10 191 170 (Continuation of the digital code of the fingerprint template)….
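An inventory of which directory objects hold a fingerprint template, and when that attribute last changed, can be built from the location shown above. This is an added example, not BioLink code; it assumes the RSAT ActiveDirectory module is installed and that the attribute's LDAP display name matches the attribute name on this page, and the function name and CSV path are hypothetical.

```powershell
# Added example, not part of the IDenium product.
Import-Module ActiveDirectory

# Assumption: LDAP display name equals the attribute name shown on this page.
$TemplateAttribute = 'BioLinkIDeniumAttributeTemplate'

function Get-IDeniumTemplateInventory {
    param(
        [string]$Server     = (Get-ADDomain).PDCEmulator,
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )

    # Find every object where the template attribute is populated.
    Get-ADObject -LDAPFilter "($TemplateAttribute=*)" -SearchBase $SearchBase `
                 -Properties $TemplateAttribute -Server $Server |
    ForEach-Object {
        # Count stored values and bytes, but never copy the template itself
        # into the report: it is biometric personal data.
        $values = @($_[$TemplateAttribute])
        $bytes  = 0
        foreach ($v in $values) { $bytes += $v.Length }

        # Replication metadata shows when the attribute was last written
        # and on which domain controller the change originated.
        $meta = Get-ADReplicationAttributeMetadata -Object $_.DistinguishedName `
                    -Server $Server -Properties $TemplateAttribute |
                Select-Object -First 1

        [pscustomobject]@{
            DistinguishedName = $_.DistinguishedName
            ObjectClass       = $_.ObjectClass
            TemplateValues    = $values.Count
            TemplateBytes     = $bytes
            LastChanged       = $meta.LastOriginatingChangeTime
            OriginatingServer = $meta.LastOriginatingChangeDirectoryServerIdentity
            AttributeVersion  = $meta.Version
        }
    }
}

# Hypothetical output path; store the report where access is restricted.
Get-IDeniumTemplateInventory |
    Export-Csv -Path .\idenium-template-inventory.csv -NoTypeInformation
```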

Which GDPR articles BioLink IDenium can help with

·       Article 5, #1-f

o   Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures ('integrity and confidentiality').

·       Article 5, #2

o   The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 ('accountability').

·       Article 24, #1

o   Taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the controller shall implement appropriate technical and organizational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation. Those measures shall be reviewed and updated where necessary.

·       Article 25, #2

o   The controller shall implement appropriate technical and organizational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed. That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. In particular, such measures shall ensure that by default personal data are not made accessible without the individual's intervention to an indefinite number of natural persons.


·       Article 30

o   Each controller and, where applicable, the controller's representative, shall maintain a record of processing activities under its responsibility.

·       Article 32, #4

o   The controller and processor shall take steps to ensure that any natural person acting under the authority of the controller or the processor who has access to personal data does not process them except on instructions from the controller, unless he or she is required to do so by Union or Member State law.

*: The reports required to comply with the GDPR vary depending on your organization's size, stakeholders, the nature of your business, and more. Windows Active Directory has several reports (via the Get-ADObject PowerShell command) that could also help you comply with this mandate, or you should use third-party services or programs. Discuss this with your security consultant today.