June: Ask Us Your Digital Identity & GDPR Questions
We’ve received loads of GDPR questions from customers, partners, and occasionally from friends, about a myriad of things relating to the new regulation including Digital Identity, compliance, personal data, and security.
We’re sure they aren’t the only ones with questions – so we’ve decided to launch a monthly mailbag where our Director of Strategic Accounts & Client Quality Services, Tom Canfarotta, will answer your questions.
This month we’ve received many GDPR questions, which makes sense since the regulation went into effect May 25.
Will your services assist us with our own efforts to be GDPR compliant?
~Mike from New York City
Simply put, the answer is “yes”.
There are many GDPR Compliance elements that intersect for Veratad and our customers, many of whom are considered “Data Controllers” under the new GDPR regulations. Remember, the “Data Controllers” are the organizations that capture and manage personal data about their customers and determine the purposes and means of processing the data.
First, organizations subject to GDPR need to be sure that their “Processors” are compliant. As a “Processor,” Veratad has made a significant investment in its security, privacy and GDPR Compliance. Be assured that we are GDPR compliant in support of your compliance requirements.
Also, “Data Controllers” need to be sure that all personal data they collect and process is ‘accurate’ [GDPR article 5.1(d)]. So, it’s important that personal data collected for on-boarding, as well as requests for access, is properly verified. Veratad can assist in verifying an individual in a variety of ways depending on your company’s needs.
We can verify personal data as well as identity documents, or use two-factor authentication. If you’d like more information on any of our identity verification solutions, feel free to reach out for a personalized demo.
Is this privacy email from an actual company? Could it be a scam?
~Elizabeth from San Francisco
While not a question on GDPR specifically, we were a little NOT surprised to get this question, but it raises an excellent point.
This would be a great opportunity for you to do what most of us do not: read one of these privacy notices completely. It’s likely to be an eye-opener and even cause you to want to read them each time you check the “read the privacy agreement” checkbox. While I’m hoping you do, I’m not holding my breath.
It’s also a good time to remind your children, friends, clients, and family to never pass private information like passwords and account numbers over email.
How many data sources are used when confirming a customer’s age using identity data elements?
~Claire from Toronto
This is a complicated GDPR question and I guess the right answer is “it depends”.
Veratad has access to billions of public and non-public age and identity records that are trusted and verified data sources. The number of sources we check may vary with the industry, the regulations, and our customer’s compliance criteria.
We have customers that only require us to confirm an age from one trusted data source and others that require us to verify an age from two or more sources.
In any case, we work closely with each of our clients to design the most effective deployment of our solutions to meet their compliance and fraud prevention objectives.
My GDPR Question is: How are you preparing for GDPR?
~Corey from Chicago
As I mentioned previously, Veratad has made a significant investment in its overall security, privacy, and GDPR Compliance efforts and so we are GDPR compliant.
That said, we haven’t prepared for the new GDPR as though it were a singular event. While the deadline for compliance was May 25, 2018, GDPR requires ongoing attention to maintain compliance.
To answer your GDPR question more precisely about preparation, in order to achieve our baseline compliance, Veratad contracted with an industry-leading compliance consulting firm with expertise in the GDPR to guide us in the process. In addition, we allocated significant internal resources to ensure the baseline compliance by the given deadline. If you would like to learn more, you can read more of our posts from our All Things GDPR Series on our blog.
Of course, we’re pleased to say that we met our goals for GDPR by May 25.