Following large corporations selling off users' personal data and treating it as a commodity, the EU put together a set of laws that prohibit them, and anyone else, from doing so. The General Data Protection Regulation was officially implemented in May 2018 and is a legal requirement for anyone offering digital services in the EU. The GDPR was created to enhance individuals' privacy rights and put significantly enhanced obligations on companies that handle personal data. It is based on seven principles as outlined below:
- Right to Access. At any point, users can request how their data is being used as well as gain access to their personal data at no charge.
- Right to Erasure. Should a company terminate its or a user's services, the user may request that their data be deleted.
- Right to Data Portability. Users have the right to switch providers; companies may not conduct a “vendor lock-in” and withhold your personal data.
- Right to Be Informed. Companies may not collect users' data without their permission, and must inform the individual on what they will be using it for.
- Right to Restrict Processing. Users can request that their data be only recorded and not processed (used) in any way.
- Right to Object. Users can request the immediate halt of the processing of their data for marketing purposes, and companies must comply.
- Right to Be Notified. Companies need to notify users within 72 hours should there be a data breach that compromises a user's personal data.
While the legislation is centred around protecting your personal data, we're here to cover exactly what that means. In a nutshell, personal data refers to any information that can be used to identify you. This might include:
- Usernames
- Passwords
- Phone number
- Cookies
- Name
- Facial image
- ID number
- Residential address
- Postal address
- IP address
- Email address
As we continuously strive to offer you the best service, including data protection, here is a list of activities that we have implemented, under the advisory eye of our Data Protection Officer.
- Thoroughly research the areas of our product and our business impacted by GDPR - COMPLETE
- Appoint a Data Protection Officer - COMPLETE
- Rewrite our Data Protection Agreement - COMPLETE
- Develop a strategy and requirements for how to address the areas of our product impacted by GDPR - COMPLETE
- Perform the necessary changes/improvements to our product based on the requirements:
  - Suppression Controls - COMPLETE
  - User Lookup by Email - COMPLETE
  - Feedback Consent Controls - COMPLETE
- Implement the required changes to our internal processes and procedures required to achieve and maintain compliance with GDPR - COMPLETE
- Finalize and communicate our full compliance - COMPLETE
Our flagship KYC solution, Oobit KYC, also offers users peace of mind in terms of data storage. Not only does it safeguard your personal data through cutting-edge technology and localized encryption and storage, it also minimizes the need to enter your personal information on several different platforms. Rest assured that at no point do we store the information without your consent.
All the data gathered by Oobit is encrypted and stored securely and anonymously. As part of our continuous drive to remain at the forefront of the crypto industry, we regularly evaluate the security measures that we have put in place. We also pride ourselves on staying on top of, and ensuring that we meet, the most recent security regulations, guaranteeing that users can rely on the highest security implementations.