The key to GDPR compliance and online privacy protection

The EU General Data Protection Regulation (GDPR) is a new set of mandates aimed to protect the privacy of internet users. From May, 2018, any organization operating, storing or processing data of EU citizens will be subject to the requirements. With the threat of hefty fines of €20M or 4% of worldwide turnover for non-compliance, whichever is greater, GDPR has got everyone’s attention.

One of the key components for GDPR compliance is the need for strong authentication. With billions of stolen credentials now in circulation, the use of username and passwords is no longer sufficient for protecting personal data. The European Union Agency for Network and Information Security – ENISA –  describes authentication as ‘key to securing computer systems’ and as the first step ‘in using a remote service or facility, and performing access control’. Referenced as GDPR-compliant authentication solutions are one time password solutions, smart cards, and FIDO Universal 2nd Factor (U2F).

At Yubico, it’s been our mission to make strong two factor authentication easy to use and deploy, and available for everyone. We disrupted One Time Password (OTP) technology introducing the simple touch and no client software install solution of the YubiKey. We co-created the FIDO U2F open standard and developed a next generation, simplified, and more secure PIV smart card technology. All these protocols and acronyms – OTP, PIV, FIDO U2F – enable one YubiKey to provide strong authentication for secure access to the majority of IT systems, ranging from computers and phones to networks and online services.

But of all the three protocols, FIDO U2F is the most powerful.

FIDO U2F has today proven at scale that it is the strongest defense against modern phishing attacks that hijack the session, the so called man-in-the middle attacks. As well as being easy and affordable to use and support, FIDO U2F preserves the privacy of internet citizens.

Many online authentication and identity technologies store user data and cryptographic secrets in centralized servers. An essential feature of FIDO U2F is that it does not store any means of personally identifiable information (PII), and while it works across any number of services, it does this without sharing any information between the services. And it is these game changing privacy measures that make the YubiKey and FIDO U2F optimal for GDPR compliance.

Government regulations supporting public safety are not new. Several times before we have seen government step up and re-write laws when the health and security of citizens are at risk. We may like it or not, but some of these laws have been effective. For example, today, significantly fewer people are killed by cars and cigarettes compared to the 1950s.

With the May 28, 2018 deadline for GDPR rapidly approaching, the days of usernames and passwords as an acceptable authentication technique are numbered. The hefty fines that can be imposed for GDPR non-compliance may be the necessary means for organizations to become responsible when operating, storing or processing data of EU citizens. Learn more about the security, usability, cost and privacy benefits of FIDO U2F.

Please contact us if we can help you with GDPR compliant authentication.

Talk to our teamTalk to our team

Share this article:


  • Yubico LogoYubico liefert PIN-Verbesserungen mit dem neuen YubiKey 5 – Verbesserte PIN-SchlüsselUm sich auf die sich ständig weiterentwickelnden Cyber-Bedrohungen vorzubereiten, passen Regierungen weltweit die Authentifizierungsanforderungen für Online-Dienste an und aktualisieren sie, was direkte Auswirkungen auf viele Unternehmen und deren Mitarbeiter hat. Zwar gibt es derzeit keine universelle Regelung für eine robustere Multi-Faktor-Authentifizierung (MFA), doch wird deren Notwendigkeit in einer Reihe von Anforderungen hervorgehoben, darunter PSD2, DSGVO […]Read moreYubiKey
  • Yubico delivers PIN advancements with new YubiKey 5 – Enhanced PIN keysTo prepare for continuously evolving cyber threats, governments around the world are adapting and updating authentication requirements for online services which directly impact thousands of organizations and their employees. While there’s currently no universal regulation for more robust multi-factor authentication (MFA), the need is highlighted across a range of requirements including PSD2, GDPR, and the […]Read moreCompany NewsProduct NewsYubiKeyYubiKey 5 – Enhanced PINYubiKey 5 SeriesYubiKey as a Service
  • An inside look at Yubico’s transition to passwordlessBefore “passkey” became a familiar term in our industry, Yubico had long delivered hardware-backed and phishing-resistant FIDO2 based authentication. Today, the adoption of passkey usage is accelerating. However, it’s taken quite a bit longer to integrate passwordless authentication into the everyday, enterprise-grade authentication flows that are required for today’s businesses.  As long as it’s been […]Read moreOktapasswordless
  • Mission matters – my reflections on winning the EY World Entrepreneur of the Year “This is the biggest mission any of the entrepreneurs have presented in this competition.”  I heard these words a few weeks ago from one of the judges for the EY World Entrepreneur of the Year award program – whom I had the honor to meet during the final step of the world’s largest entrepreneur competition.  […]Read moreawardsFounderStina Ehrensvard