Approaching GDPR

As an organisation that relies on the availability of personal data in its solutions, how does GBG IDscan ensures that the data we use is appropriate and fully consented?

Sourcing begins with the basics: does the data exist? Can we access it compliantly? How can we use it to serve different customers in the best way?

Compliance and security questionnaires then give us total transparency of the types of data we access. Suppliers have to show that the data is sourced compliantly, with the correct consents and that it can be used within GBG products.

Even after sourcing the data, consent is an integral part of our identity verification solutions. As they go through a process powered by our technology, consumers themselves also give GBG permission to verify that what they have shared is accurate and authentic.

It’s worth noting that consent is only one of the conditions for processing. There are other conditions we could rely on. These include legitimate interest, performance of a contract, compliance with a legal obligation, necessity to protect vital interests or the performance of a task carried out in the public interest. We’ll reflect this in our data sourcing, where appropriate.

What you need

Five points to ensure readiness on your side

Know Your Data

What data do you have in the business? Where does it come from? How is it used? This is the most important point of all; it’s something that can affect all parts of your business.

Set Your Processing Conditions

Have this clearly identified and documented for anywhere you process personal data. Many companies have relied on consent in the past, but if you can rely on another condition you should, as consent can be withdrawn at any time. Always be clear about how you can defend your use.

Decide What Data You Can Retain

…and what data you should securely remove. It’s already law that businesses shouldn’t collect and retain more information than is necessary, but the stakes will increase in 2019 with fines of up to 4% of global turnover.

Re-permission Your Database

…or update any details necessary. Start this process early, but be careful that you don’t breach one set of regulations trying to comply with another.

Review Your Privacy Policy

What are you telling individuals about how you’re using their information?
Transparency is key.

New Data Sources

Data that demonstrates activity as well as verifies an identity, qualifies a marketing lead or cleans a database. Businesses want added insight on what they already know – whether to stop fraudsters, protect vulnerable individuals or get the most from their customer relationships.

Mobile, lifestyle and biometric data add huge value to traditional sources. In developing markets, mobile coverage far exceeds credit footprints. This means non-traditional data sources are more valuable in the first place. Social media and behavioural data are also in huge demand as this can bridge the gap between someone’s online and offline identity.