What does the GDPR require?
The new rules specify that companies must introduce the latest state-of-the-art control mechanisms to protect data. The technical and organizational security measures that need to be implemented require that customer data must always be protected reasonably according to the risk. Businesses must ensure that only authorized persons can obtain access to personal data, and that the data is protected against unintentional loss, unintentional modification, unauthorized access and transfer to other parties. When it comes to access management, this means that the user name and password method has run its course; it is simply too unreliable.