Customer Portal / User Accounts
User accounts mean identity data. Identity data means serious obligations.
Any system with user registration, login, and profile management processes identity data that requires robust security measures, access controls, and compliance documentation.
Realiteitscheck
If a user requests deletion of their account and all associated data, can you do it completely within 30 days?
GDPR (General Data Protection Regulation)
mandatory Art. 15, Art. 17, Art. 20, Art. 25, Art. 32Uw verplichtingen
- Right to access — users can request all their data (Art. 15)
- Right to deletion — complete account erasure (Art. 17)
- Right to data portability — machine-readable export (Art. 20)
- Secure authentication (no plaintext passwords)
- Breach notification if account data is compromised
- Privacy by design in the registration flow
SiteGuardian bewaakt dit
- TLS/HTTPS encryption monitoring
- Automated cookie consent detection
- Security headers analysis
- Email transport encryption checks
- Breach notification SLA tracking (72h)
- Digital DPA/AVV signing
Risico bij niet-naleving
Individual complaints to DPA for denied access/deletion. Each unhandled request is a separate violation.
NIS2 Directive (Cybersecurity)
conditional Art. 21, Art. 23Uw verplichtingen
- Multi-factor authentication for sensitive accounts
- Access control and identity management policies
- Incident detection and response capabilities
SiteGuardian bewaakt dit
- 24h/72h/1m incident reporting SLA
- DNSSEC and DNS security monitoring
- Security headers and TLS enforcement
- Uptime and availability monitoring
- Supply chain risk scoring
- Incident auto-classification (NIS2 Art. 23)
Risico bij niet-naleving
Account takeover incidents must be reported within 24h if they affect essential/important entity services.
European Accessibility Act (EAA)
mandatory Art. 4, Art. 13, Art. 31Uw verplichtingen
- Accessible login and registration forms
- Accessible password reset and account management
- Screen reader compatible user interfaces
SiteGuardian bewaakt dit
- WCAG 2.2 Level AA conformance auditing
- Automated accessibility scoring
- Violation severity breakdown and remediation hints
- Daily accessibility scans
Risico bij niet-naleving
Users with disabilities cannot access their accounts. Discrimination complaints under national EAA transposition.
Is dit op u van toepassing?
Als u op 2 of meer ja antwoordt, zijn deze regelgevingen zeer waarschijnlijk op uw bedrijf van toepassing.
Zie waar u staat
Onze gratis scanner controleert de beveiligingsstatus van uw site, SSL, headers, e-mailauthenticatie en meer. Geen account nodig.
Scan your portal's security headersDeze pagina biedt algemene informatie over EU-regelgevingskaders. Het vormt geen juridisch advies. Raadpleeg een gekwalificeerde juridische professional voor advies specifiek voor uw situatie. SiteGuardian documenteert uw monitoring continu — compliance is de verantwoordelijkheid van uw organisatie.