The document discusses Janrain's services to help clients prepare for the EU's General Data Protection Regulation (GDPR) which takes effect in May 2018. It offers a GDPR Primer for a basic overview of requirements and identification of needs and gaps. It also offers a more in-depth GDPR Readiness Assessment to evaluate specific requirements for customer identity and access management processes. The assessment involves analyzing compliance, developing a prioritized remediation plan, building stakeholder consensus on the plan, and assisting with implementation of programs and technologies like Janrain's to achieve compliance.

1. Copyright © 2017 Janrain, Inc. All rights reserved. | v.04.17
data sheet
Janrain Professional Services
GDPR Primer and
Readiness Assessment
Janrain offers services to help organizations streamline
their preparation for the General Data Protection Regulation
(GDPR). Offers are tailored to the individual needs of the client.
In May 2016, the European Union (EU) passed the GDPR, which will go into
effect on May 25, 2018. The GDPR will be the new primary law regulating how
companies have to protect the personal data of EU residents. It is one of the most
significant, most challenging and most disruptive regulations, and introduces a
wide range of complex privacy related requirements impacting all organizations,
including legal, compliance, information security, marketing, engineering, and HR.
This is true for companies with and without offices or data centers in the EU. Any
organization that offers goods or services to EU residents, collects data of EU
residents, or has employees in the EU will have to prepare to be in compliance
with the new law, no matter where the company itself is located or incorporated,
and no matter if the company acts as a controller or only as a processor of
data. According to a report by Veritas, which surveyed more than 2,500 senior
technology decision makers in 2016 across Europe, the Middle East, Africa, the
U.S. and Asia Pacific, 54 percent of organizations have not advanced their GDPR
compliance readiness.
Yet many organizations are still ill prepared to sufficiently meet its demands.
Given the GDPR effect date is approaching fast, organizations need to ensure
they allocate budget and resources to implement governance processes,
controls, tools and infrastructure to achieve compliance. Failing to do so comes
at a high risk. Unlike many earlier regulations, the GDPR comes with significant
penalties for non-compliance: fines up to 20 million EUR or four percent of total
worldwide annual turnover of the preceding year, whichever is higher. Failure to
comply can also cause serious damage to a company’s customer and partner
relationships, public image, and brand value.
2018
GDPR will apply from May
25, 2018
2016
GDPR enters into force
2015
The European Parliament, the
Council and the Commission
reach an agreement on the GDPR
as a replacement for Directive
95/46/EC
2012
The European Commission (EC)
proposes to strengthen online
privacy rights and digital economy
1995
Directive 95/46/EC adopted,
regulating the protection of
individuals with regard to the
processing and movement of
personal data
GDPR
Requirements
Breach
Notification
Right to
Erasure
Global
Scope
Data
Portability
Penalties
Unambigu-
ous Consent
Privacy by
Design
Data
Protection
Officers

2. 2
Copyright © 2017 Janrain, Inc. All rights reserved. | v.04.17
data sheet | Janrain Services - GDPR Primer and Readiness Assessment
Manage customer identities to support GDPR
By the nature of its business, Janrain has extensive expertise and experience in achieving GDPR
compliance. As a vendor of solutions for Customer Identity and Access Management (CIAM) that
manages more than 1 billion consumer identities for over 1,800 corporate clients, Janrain is in a highly
critical position for its clients when it comes to GDPR readiness. Many of the company's services
are directly or indirectly the technical foundation for its clients to achieve compliance, and Janrain's
technology is a key part of what they will use to get themselves ready for the new regulation.
As a consequence of that, Janrain's clients look to them for guidance, and they also expect them to be
ready when they start their efforts.
1. A data protection officer or VP
of Privacy, who reports to the
CEO and leads the company’s
compliance efforts.
2. An independent certification
by TRUSTe of its privacy
practices, including its
adherence to the Privacy
Shield Framework.
3. Successfully undergone a
SOC2 Type II audit, having
met the criteria for the
Security, Confidentiality, and
Availability Trust Principles.
JANRAIN IS THE ONLY CIAM VENDOR THAT HAS:
JANRAIN ALREADY OFFERS GDPR-COMPLIANT SERVICE FEATURES, INCLUDING:
 Checkbox consent mechanisms for explicit consent
 Progressive permissions
 Easy data record access mechanisms
 Data correction/integrity mechanisms
 Data portability
 Data erasure/deletion
 Scoped access for users and integrations
 Data pseudonymization
 Age gating

3. 3
THE JANRAIN IDENTITY CLOUD™ provides management, security and activation solutions that enable seamless and safe customer
experiences across their digitally connected world, while providing enterprise organizations with deep customer insights. Founded in 2002,
Janrain pioneered Customer Identity and Access Management (CIAM).
CONTACT JANRAIN | US 888 563 3082 | Europe +44 208 973 2561 | www.janrain.com |  @janrain
data sheet | Janrain Services - GDPR Primer and Readiness Assessment
Janrain services help you accelerate GDPR Preparation
To assist its clients, Janrain Services has created the GDPR Primer and GDPR Readiness Assessment
to help discover gaps and recommend remediation plans for authentication, registration, security, and
overall management of identity related processes, technologies, and data. Both offers are tailored to the
individual needs of the client.
THE JANRAIN
GDPR PRIMER
Discovery workshop in the range of 3-8 hours to address the basics and help corporations
identify needs and gaps on their way to compliance.
THE JANRAIN
READINESS
ASSESSMENT
Services engagement that dives deep into the specific requirements for Customer Identity
and Access Management (CIAM) processes. The assessment is typically an engagement in
the range of 10-25 days, depending on the specific needs and requirements of the client.
If you would like to learn more about how you can prepare your company
to be GDPR ready, we are here to help. Contact us for more information
about a GDPR Primer and Readiness Assessment.
PHASE I –
Readiness and
Gap Analysis
Janrain experts will work
interactively with client teams
to assess overall compliance
with the GDPR requirements.
The deliverables include a
gap analysis and a detailed
findings report.
PHASE II –
Develop a
GDPR plan
Develop a plan and
prioritized roadmap based on
remediation recommendations
to address gaps identified in
the readiness assessment.
The plan will include an
executive summary and a heat
map outlining risks and level
of effort, schedule, and budget
and resource estimates.
PHASE III –
Build
consensus
Lead an interactive onsite
review with key stakeholders
and leadership to help build
awareness, secure buy-in,
and obtain and document
agreement on the GDPR
action plan.
PHASE IV –
Implement
programs
Janrain can help clients
implement a wide range of
CIAM initiatives and Janrain
technologies. Immediate steps
may include areas of risk such
as specific identity processes
that require more detailed
diagnostics or remediation.
TYPICALLY A READINESS ASSESSMENT WILL HAVE FOUR PHASES: