GDPR: What to consider when you use identification processes.

22 October 2018

As a company storing personal information, you are subject to the GDPR (General Data Protection Regulation) which went into effect on May 25th and has been covered here before. If your organisation uses any identity checks of the type that DataChecker offers, you must comply with a few specific demands. In this blog post, you’ll find out what exactly to take into consideration in order to comply fully (and remain compliant) with the GDPR. 

When you’re searching for an identity verification solution, there are a few points to keep in mind. We’ll briefly tackle those below.

Option for human review

When using automated processes for identity verification, it’s important to leave room for a human review. The verification of such processes generally happens through complex algorithms. The details can be unclear and lacking in transparency. The GDPR dictates that anyone who is undergoing an identity check (for example an online customer) should have the option to request a human review.

Machine learning; the GDPR way

Many of the algorithms used in identity verification processes are enhanced by machine learning. By comparing a variety of data, the algorithm will develop to deliver better results and, for example, learn to check an ID more quickly. The GDPR dictates that those types of algorithms may only use data that they themselves collect. That prevents any organisations from exchanging data in order to enhance their algorithms.

Data storage

One GDPR requirement is that data collection be limited to the information that is strictly needed. Storage is also tightly regulated and must be kept as minimal as possible. DataChecker stores only the strictly necessary data in a very secure environment that fully complies with the new GDPR regulations. There is also the choice to recall any document or to remove the document completely.

Mandatory and immediate notification of any data breach

In the case of a data leak, the party responsible for the breach is obligated to report it to the individuals affected. The GDPR stresses that this disclosure must be done as quickly as possible.

Data encryption

Data security is extremely important, especially when it comes to your identity. The GDPR has high demands for the methods of security: all data must be encrypted, there must be a backup, and security must be tested regularly.

At DataChecker we take those regulations very seriously, which is how we can guarantee that DataChecker is fully GDPR-compliant. Please reach out to us with any questions you have about protecting your privacy during an ID check or the steps we take with our clients to remain GDPR-compliant.


More information?

Request a copy of our whitepaper about the duty to identify yourself in The Netherlands. Of course, you can call or email us any time — we are pleased to be at your service.