Accelerate Your Journey to GDPR Compliance
What is GDPR?
GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. And non-compliance could cost companies dearly.
Who is impacted?
Any company that collects data on citizens in European Union (EU) countries needs to comply with strict new rules around protecting customer data, in effect as of May 25, 2018. Companies need the same level of protection for things like an individual’s IP address or cookie data as they do for name, address, and Social Security number.
GDPR Compliance and Your Identity Verification Process
For many industries, companies often have to establish trust in digital identity verification solutions that can guarantee “the person claiming a particular identity is in fact the person to whom the identity was assigned.” But this imposes strict requirements on the vendor that is managing personal information, including images of government-issued IDs, biometric and other personal information.
“Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).”
Beyond the secure handling of PII data, there are additional considerations when the outcome of that verification results in an “automatic refusal of an online credit application or e-recruiting practices.” Fully automated verification solutions that fail to give the data subject the right “to obtain human intervention on the part of the (data) controller, to express his or her point of view and to contest the decision” (Article 22(3) GDPR) are not allowed under GDPR.