quora
Explore More

Shufti globally launches webinr-icon - a new kind of identity solution!

Shufti globally launches - a new kind of identity solution!

Read more

Shufti GDPR Review 2018: How we protected our clients from regulatory fines?

GDPR

Shufti stands out in KYC industry not only because of its highly customizable and global identity verification services but because of the unique regulatory protection provided by Shufti to its customers. After all, the collection of personal information to authenticate the true identity of an end-user puts both Shufti and its customers at a substantial risk. Regulators from all over the world have put forward strict privacy laws and regulations that not only dictate strict guidelines for personal data collection but also want companies to follow set rules when it comes to using personal information of a common user.

GDPR was one of the most comprehensive and powerful regulations introduced a couple of years back and July 2018 was the deadline for businesses to become GDPR Compliant. This set of rules was applicable for businesses that were either based within the European Union or even those that were based outside of EU but provided services to its citizens. In order to safeguard its customers from multi-million dollars fines – fines for businesses found in breach of GDPR – Shufti aligned its verification services in line with GDPR specific guidelines.

GDPR guidelines for Identity Verification Services by Shufti

GDPR never had any specific guidelines set out for identity verification services or for third party KYC service providers. In fact, it was a generic set of instructions for any business that was collecting personal information of its customers and the privacy guidelines that these businesses have to follow.

As a third-party verification service that was verifying the identity and financial risk attached to customers of online businesses, Shufti designated a special role for itself as per the specific terminology introduced by GDPR i.e. processor of data. This made our clients collecter of personal information in order to verify the identity of incoming users.

Read: Try Shufti KYC Services Free of Cost for 7 Days Now

It meant that although, Shufti was the business entity that was tasked to verify the personal information claimed by end-user it was the responsibility of Shufti client to secure that data. On our own end, the collected information was secured from not only any brute force attack but special protocols were developed to delete the collected data, when a request was received either from Shufti client but also from an end-user as well.

KYC Verification procedure under GDPR

Shufti only collects data for verification purposes as per the legal agreement signed by Shufti and its customers. This data will be limited to verification of the credentials, identity or any other related verification that was required by our customers to be provided as per the legal agreement. We have even added a consent button at the form where a customer is supposed to fill its identification details. We also provide the option for customers to go through our data protection, privacy policy and Terms & Conditions, to ensure full transparency.

Access Rights

User can request access to the personal data he has shared with Shufti about himself. Personal data is anything identifiable, like his name and email address. If he requests access, Shufti (as the processor) need to provide a copy of the data, in most cases in machine-readable format (e.g. CSV or XLS). Daniel can also request to see and verify the lawfulness of processing. A client can seek access to their data by asking Shufti of what they require at [email protected]. We at Shufti believe to be at legal and moral obligation to facilitate any manner of an individual rights request. Shufti enables you to grant any access request by easily exporting user record into a machine-readable format.

Deletion Rights

Under the GDPR, the user has the right to request that Shufti delete all personal data it has collected from him. The GDPR is required to permanently remove userís contact from their database, including verification results, all personal information, saved images/video, form submission data, and credit card data. In a GDPR compliant manner, a client can seek to have their data deleted by querying Shufti at [email protected]. The Data protection officer at Shufti in most cases will respond back within a 30 day period. In many cases, the right to deletion is not absolute and can depend on the context of the request, so it doesnít always apply.

Related Posts

Blog

Leveling Up Identity Verification To Meet This Moment

Evolution has always been a defining trait of the identity verification space. The COVID-19 pande...

Leveling Up Identity Verification To Meet This Moment Read More

Blog

A Fintech’s Journey to 100% Compliance and Rapid Growth

Read on to learn about the keys to My EU Pay’s success. Staying Competitive as a Fintech Founded ...

A Fintech’s Journey to 100% Compliance and Rapid Growth Read More

Blog

Identity Verification Isn’t Just for Compliance Anymore

As the article indicates, that fight involves identity verification becoming a mainstream phenome...

Identity Verification Isn’t Just for Compliance Anymore Read More

Blog

The State of Fraud Detection & Prevention in 2024 | Ready, Set, Fraud

Decoding the 2023 Fraud Landscape | Analyzing Shufti’s Millio...

The State of Fraud Detection & Prevention in 2024 | Ready, Set, Fraud Read More

Blog

Revolutionizing the Finance Sector | VKYC’s Impact on Identity Verification in 2024

Video KYC (VKYC) is a method of verifying the identity of an individual or entity by leveraging v...

Revolutionizing the Finance Sector | VKYC’s Impact on Identity Verification in 2024 Read More

Blog

A 2024 Overview of Identity Document Forgery

What is Document Forgery: The Common Types  Identity document forgery is a serious crime that can...

A 2024 Overview of Identity Document Forgery Read More

Blog

Harnessing the power of AML Screenings to Uncover Politically Exposed Persons [PEPs]

The acronym Politically Exposed Persons [PEPs] first emerged in the 1990s, known as Senior Foreig...

Harnessing the power of AML Screenings to Uncover Politically Exposed Persons [PEPs] Read More

Blog

Elevated Business Security: A Comparative Analysis of Identity Proofing and Identity Verification

In general, identity proofing and identity verification are essentially the same processes, as th...

Elevated Business Security: A Comparative Analysis of Identity Proofing and Identity Verification Read More

Blog

Leveling Up Identity Verification To Meet This Moment

Evolution has always been a defining trait of the identity verification space. The COVID-19 pande...

Leveling Up Identity Verification To Meet This Moment Read More

Blog

A Fintech’s Journey to 100% Compliance and Rapid Growth

Read on to learn about the keys to My EU Pay’s success. Staying Competitive as a Fintech Founded ...

A Fintech’s Journey to 100% Compliance and Rapid Growth Read More

Blog

Identity Verification Isn’t Just for Compliance Anymore

As the article indicates, that fight involves identity verification becoming a mainstream phenome...

Identity Verification Isn’t Just for Compliance Anymore Read More

Blog

The State of Fraud Detection & Prevention in 2024 | Ready, Set, Fraud

Decoding the 2023 Fraud Landscape | Analyzing Shufti’s Millio...

The State of Fraud Detection & Prevention in 2024 | Ready, Set, Fraud Read More

Blog

Revolutionizing the Finance Sector | VKYC’s Impact on Identity Verification in 2024

Video KYC (VKYC) is a method of verifying the identity of an individual or entity by leveraging v...

Revolutionizing the Finance Sector | VKYC’s Impact on Identity Verification in 2024 Read More

Blog

A 2024 Overview of Identity Document Forgery

What is Document Forgery: The Common Types  Identity document forgery is a serious crime that can...

A 2024 Overview of Identity Document Forgery Read More

Blog

Harnessing the power of AML Screenings to Uncover Politically Exposed Persons [PEPs]

The acronym Politically Exposed Persons [PEPs] first emerged in the 1990s, known as Senior Foreig...

Harnessing the power of AML Screenings to Uncover Politically Exposed Persons [PEPs] Read More

Blog

Elevated Business Security: A Comparative Analysis of Identity Proofing and Identity Verification

In general, identity proofing and identity verification are essentially the same processes, as th...

Elevated Business Security: A Comparative Analysis of Identity Proofing and Identity Verification Read More

Take the next steps to better security.

Contact us

Get in touch with our experts. We'll help you find the perfect solution for your compliance and security needs.

Contact us

Request demo

Get free access to our platform and try our products today.

Get started