Understanding GDPR

The General Data Protection Regulation (GDPR) is a regulation that harmonizes data privacy standards by imposing uniform data privacy laws across the EU in order to protect and empower all EU citizens’ personal data and privacy. GDPR is also applicable to businesses that market or sell to the EU.


GDPR was devised for two main reasons:

  • To grant people further recognition and control of their personal data as a fundamental right, especially in the rising digital economy.
  • To ensure businesses are clear about the integrity of data, to build trust and brand loyalty among customers.

In case of non-compliance, GDPR imposes steep penalties of up to €20 million or 4% of global annual turnover, whichever is higher.

Personal data according to GDPR

Under GDPR, personal data includes not only name, postal address, telephone number and passport number, but also information such as online identities, website cookies, IP addresses, and anything that is counted as personal data under the Data Protection Act.

For existing data, you can conduct a thorough review of your current consent management process to find out if it is GDPR compliant. Otherwise, you will have to obtain fresh data approvals from individuals.

Become GDPR ready with Aspire & WSO2

Aspire Systems helps enterprises to assess their GDPR readiness & execute the best GDPR strategy using WSO2 IAM and API Management.

Data Storage

Beyond the obvious benefits of protecting an organization from cyber-attacks, securing persisted data and complying with GDPR are highly critical. It is here that WSO2 Enterprise Service Bus, along with AURAS (an Accelerator Framework), plays a major role in ensuring multi-staged encryption (both client-side and server-side encryption are used on data stored on-premise or in the cloud). Organizations can focus on their business objectives and steer clear of non-compliance in data persistence under GDPR.

Data Transmission

When businesses grow multifold with high-speed data transmission, organizations compromise on secure transmission, risking their business and reputation. Transmission channels are vulnerable to interception, allowing anyone along the way to read the payload messages. WSO2 helps develop multi-factor protection for data transmission that is safer than the transmission protocols used by banks to share transaction details. The payload data is encrypted using the PGP (Pretty Good Privacy) encryption methodology with RSA algorithm standards and a key size of 2048.

Data Access

A customer-centric organization with high business goals always takes an outstanding approach to protecting its customers' sensitive information from improper access. Unprotected access will lead to a breach of information, which can even lead to the organization being sued. WSO2 IAM (Identity and Access Management) helps organizations follow a multi-layered security approach. The Identity Server provides a token-based authentication mechanism for the invocation of APIs. WSO2 IAM helps in defining the data access rules (authorization) to ensure data security and integrity. WSO2 also contributes HTTPS connections with SSL certification, adding another layer of security.

To assess your GDPR readiness or get the best GDPR compliance strategy & roadmap, contact:

Prem Sundaravadanam

Vice President

[email protected]

+44 0203 170 6115

Hariharan Ganesh

Practice Head – Enterprise Architecture & Integration

[email protected]

+1 847 730 7855