One year from now, the GDPR comes into effect with profound impact on all companies. Still, most businesses have yet to even start evaluating the impact it may have. The companies that embrace GDPR and develop services and offering around privacy design will have a huge competitive advantage going forward and new eco systems will emerge. Taking this into account, it is worrying that most companies merely plan on becoming compliant.

“You ask yourself, why are most companies merely setting the bar at compliance and not focusing on what opportunities arises from being compliant?”

The new regulation

The new regulation gives the data subjects extensive rights over own data; rights to be informed, rights of access to processed data, rectification of erroneous data, right to be forgotten, restriction of processing and portability. This is great, but will require that companies need to have deep insight into the whereabouts of the data, including the management of subcontractors and data processors across multiple tiers.

Adhering to these rights can easily lead to a considerable administrative burden. Most organisations hold a lot of personal data in relation to own employees, customers and suppliers. Mapping all current and historic data across multiple systems, tiers of organisations and for the various purposes is a formidable task. However, starting by getting control over personal data processing at the time of registration is key. And, for those companies that get this under control already now, the position when GDPR comes into effect will be substantial as there will be no doubt about the basis for processing the data gathered over the last 12 months. Indeed, in 12 months’ time, perhaps the data currently being scrutinized could be regarded as obsolete, and thus not worth spending too much money on right now?

Furthermore, in processing personal data, key principles are Data minimization, Purpose limitation and Storage limitation. Collect only the minimum of what you really need for fulfilling the specific task/transaction in question and then delete the data that is not necessary to keep for statutory purposes. Anything else, and you need to obtain and document consent prior to processing data. The consent should be specific, informed and clearly distinguishable from other matters. It is also a requirement that it should be as easy to withdraw consent as to give it. All of this, in combination with growing consumer awareness, will appreciate the value of legally obtained personal data as a currency in itself.

“Personal data will become a currency and consumers will place their business with companies they trust”


The ICONFIRM platform is tailored such that companies can meet the requirements and build trust with their customers. The same way companies like Qliro, Klarna and PayPal have built a trusted-partner relationship on payments, ICONFIRM is a trusted-partner in the secure handling of personal identifiers whilst also handling effective administration of consents and notifications.

A detailed review of the GDPR articles has strengthen our confidence in the platform and although we will not claim to solve all issues, the power of simplicity is strong.

“Being a trusted partner handling data privacy, ICONFIRM will help demystify GDPR with a practical and hands on solution”

A brief description of some of the systems key features are:

  • Clarity at data registration and utilization of the ICONFIRM secure platform to segregate the personal identifiers ensures ‘pseudonymisation’.
  • Notification to data subjects about their enhanced rights and managing the interaction through the consent portal, clearly distinguishable from other matters.
  • Clarity in categorization of purposes
  • Configure automated erasure
  • Authenticate data subjects before obtaining consents
  • Consents by minors
  • Manage authorized access to personal data (including sub-suppliers)
  • Privacy by design and by default
  • Integrate with own systems for smooth transition of data

All as a service at low cost and high value.

Partnering with Aptic AB

Aptic recognised early that, although they rarely are providing the customer facing applications, they do need to assure the handling of personal data once registered and selecting a solution which will drive early compliance will help them in their quest to grow the company. No doubt, being part of regulated markets, the Aptic customers are early adopters towards the new regulation. Also, ePrivacy and the PSD2 regulation has an impact where companies affected will strongly benefit having an administrative solution to manage consents and end-user requests. Hence, we are currently integrating the platforms to provide the customers with a practical solution that is easy to implement and thus provide high return.


Do not hesitate in contacting us for a fruitful discussion.

Christian Butenschøn is the founder and CEO of ICONFIRM
+47 410 40 123

Patrik Steen is the Director Marketing and Sales of Aptic AB
+46 733 98 4047