FIDO and MFA Authentication Key to GDPR Compliance

“…to facilitate such requests, organizations need to be able to reliably tie individuals to their data, and biometric authentication can do just that.”

With the European Union’s new GDPR laws finally coming into effect this week, the FIDO Alliance is pointing to biometric multi-factor authentication as a key to compliance, along with its own authentication standards.

In a statement, the consortium notes that the GDPR requires companies to implement strong data security, and asserts that multi-factor authentication “is a fundamental building block of cyber security and data protection.” Biometric technologies, meanwhile, offer “one of the most promising technologies available to deliver strong authentication”. That’s not only vital to security, but also offers a strong solution for helping organizations to comply with the GDPR requirement allowing end users to view, change, or delete the personal data that has been collected from them; to facilitate such requests, organizations need to be able to reliably tie individuals to their data, and biometric authentication can do just that.

And when this is all done in compliance with FIDO standards, so much the better for GDPR compliance. As FIDO explains, its standards offer “authentication with no third-party involvement or tracking between accounts and services.” Moreover, data collected through a FIDO framework never leaves a given device, preventing potential server-based hacks of biometric data, which the GDPR puts in a category of particularly sensitive personal information requiring stronger protection.

Clearly, with the implementation of GDPR, the case for biometric, FIDO-based authentication is stronger than ever. And anyone curious to learn more can get more detailed information from FIDO’s new white paper, “FIDO Authentication and the General Data Protection Regulation (GDPR)”.