GDPR Guidelines

GDPR - General Data Protection Regulation

The European Union’s General Data Protection Regulation (GDPR) is a regulation by the European Parliament, the Council of the European Union and the European Commission that unifies all data protection regulations within the EU, including exports of personal data outside the EU.

GDPR will be fully applicable on May 25, 2018 and any company that offers goods or services to EU residents, or processes data related to EU residents or has employees in the EU will be required to comply with it. In essence, GDPR enforces that users remain in control of the personal data they share with companies.

GDPR requires companies to establish a series of initiatives and controls with regards to the personal they store from clients and users. Xeerpa is one of the first CIAM European companies to become GDPR-ready, implementing strategies and measures in compliance with the new regulations, including those related with data security, hosting and data processing.

Learn more about GDPR in this link http://eur-lex.europa.eu/ and http://eugdpr.org.


Xeerpa's GDPR Complying Login Proposal

As we know that GDPR is quickly becoming a controversial issue amongst every market, we have gone ahead and designed some different proposals with our legal consultants from a very rigorous point of view:



Xeerpa’s key strengths in relation to GDPR

• Xeerpa already has a designated Data Protection Officer

Reporting directly to the CEO and the board, Xeerpa’s DPO leads all of our efforts in terms of security and compliance with GDPR, providing first-hand advice to all our clients.

• Xeerpa is ISO 27001 certified

ISO 27001 is the most internationally recognised certification in data security, proving the utmost importance Xeerpa gives to any matter related to personal data access and storage.

• Xeerpa offers you flexibility and total control over your GDPR strategies

Xeerpa’s API offers you all the functionality you require in order to securely comply with all GDPR guidelines and recommendations (see table below), not imposing any specific or rigid visual layout. This way you can implement your own strategies and visual interfaces with your users, in line with your current corporate identity and customer experience.

• Xeerpa already implements rigorous technical measures to ensure data privacy

- All data is stored under password-protected encryption at an operating system level with LUKS or EFS.

- Data access is made through encryption using the https SSL/TLS protocol.

- Data transfers are encrypted with AES-128.

- Drives are erased through the DoD 5220.22-M algorithm, which consists of multiple full writings of the discs with random data to prevent the information from being later restored.

• Let us help you

Count on us not only to guide you on how to comply with GDPR, but also on designing personalised user interfaces that make use of our existing API and integrate with your current UX, providing all the functionality that will be required to fulfil your customers’ demands and data protection rights.


How Xeerpa complies with GDPR

Differently from other solutions, Xeerpa does not have a visual interface to the end user, so you have total control over the informative screens that will need to be presented to the end user to manage the data you store about them.

Still, Xeerpa already offers GDPR-Compliant features that help our clients comply with the new regulation, including: