New Rules: The Steps to A Strong Customer Authentication in the GDPR Era

Updated: Apr 13, 2020

According to the Ponemon Institute, more than 2.5 billion records were hacked last year. At a cost of about $148 per breached record, business losses amount to over $379 billion. Furthermore, data breaches are increasing every year, and rising aggressively, leaving companies exposed to these threats.

As you are aware, the GDPR has come into force to address the security concerns of consumers residing in Europe. Many countries across the globe, including the US, are also introducing similar laws regulating data privacy and security, which makes data protection a bigger task for businesses.

Strong passwords alone no longer work in our modern world, because attackers' techniques have advanced. To deal with the varying levels of system interaction and their associated risk profiles, businesses must reassess their customer-facing authentication requirements. This is where solutions such as multifactor authentication play a crucial role.

Multifactor authentication is starting to be adopted by businesses, but it can be quite difficult to manage: difficult for the business to implement and sometimes cumbersome for the end consumer. If security becomes a problem or gets in the way of the customer's convenience and experience, the business is tempted to look for a different provider or remove the security control completely, which leaves the authentication system more vulnerable.

With that said, how do businesses implement multiple controls for security and compliance while also meeting consumers' desire for ease of use? While it may be complicated and difficult, there is a process to make it happen:

A strong way to approach multifactor authentication is to start from the needs of the user and work your way inwards. Ask how the transactions and interactions are connected.

It is also important to look for vulnerabilities in current systems before implementing new ones; that way businesses can fit customer-facing authentication controls into the broader security architecture.

Setting your Goals

Identify the problems your organization needs to mitigate and determine which regulations apply. Evaluate the sector-specific compliance that is required and the best practices with regard to customer impact. Be realistic about your goals: of fast, cheap, and good, you can usually have only two.

Analyze the Situation

Map your customers' journeys and their pain points, assess the threat levels, and identify the weak spots of your business. Consider interactions such as password resets, purchases, and account information changes, and decide which of them need stronger protection.

Conduct Research

Look for reliable information from experts, including consultants, analysts, and solution providers. Determine which findings are most relevant based on your analysis of the situation.

Select your Provider

Look for a provider that can genuinely meet your specific needs and help you achieve stronger security.

Plan your Implementation

Identify the stakeholders within the organization who need to participate in the planning process, and the resources that will be needed to deploy the technology. Milestones and timelines also help you implement the plan effectively and successfully.

Conduct Testing

Once you have your plans laid out, the next step is to conduct testing. Make sure you have a set of test cases so you can compare results and observe which resolution works best for your business. Refine the program as needed.

Educating Users

Notify your current customers about the new security controls that will be added and explain the reasons for doing so. Also provide a channel where they can raise concerns and questions. Offer an array of multifactor authentication options and let customers choose among them.

Begin Deployment

Once testing is complete and users have been notified and have raised their questions, you can start your deployment. Also have a backup plan in place to resolve problems that might occur.

Constant Monitoring

Monitor to measure outcomes and trace them back to your goals. Let the stakeholders follow and check how the program is progressing. It is crucial to monitor the indicators that would reveal a potential breach, and to track the satisfaction of your customers so you know which aspects to improve.


Security is not something that is done overnight. It is a never-ending effort that requires constant maintenance as attackers grow ever more sophisticated. New threats and risks should be identified before an attack occurs. It is important to have a program that can adapt to changes in the consumer, regulatory, and cybersecurity landscapes.

In today's competitive, technology-driven market, finding the right balance between security and usability is the best way for a business to thrive, survive, and succeed. This way it maintains the trust of its customers and keeps them happy while meeting the new obligations demanded by the GDPR. A holistic approach to security will help you avoid fines from regulators and business losses caused by attackers.