Runs On Your Cloud
No Data Sharing
Explore Now
Face Verification
Address Verification
Document Verification
Age Verification
VideoIdent
Fast ID
eIDV
NFC Verification
Consent Verification
Business Verification
Due Diligence
Investor Verification
E-Signature
Behavioural Biometrics
Device Fingerprinting
MFA
AML Screening
Business AML Screening
User Risk Assessment
Transaction Screening
Adverse Media Screening
Identity Verification
KYC
KYB
KYI
Bonus Abuse
Fraud Prevention
Banking
Crypto
Fintech
Forex
Gaming
Gig Economy
Marketplace
Social Networks
Product Managers
Compliance Officers
Fraud Analyst
Global Trust Platform
Journey Builder
Content library
Blogs
News
Reports
Insights
Knowledgebase
ROI calculator
Blind Spot Audit
Deepfake Detection
Liveness Detection
Document Originality
Document Deepfake
Events & Webinar
Podcast Studio
Spotlight Studio
API Documentation
Mobile SDKs
Service Status
Help Center
Contact Us
Technical Support
Compliance
Supported Document
About
Career
Press Release
Certifications
Partnership
Awards
Shufti GDPR Review 2018: How we protected our clients from regulatory fines?
Shufti stands out in KYC industry not only because of its highly customizable and global identity verification services but because of the unique regulatory protection provided by Shufti to its customers. After all, the collection of personal information to authenticate the true identity of an end-user puts both Shufti and its customers at a substantial risk. Regulators from all over the world have put forward strict privacy laws and regulations that not only dictate strict guidelines for personal data collection but also want companies to follow set rules when it comes to using personal information of a common user.
GDPR was one of the most comprehensive and powerful regulations introduced a couple of years back and July 2018 was the deadline for businesses to become GDPR Compliant. This set of rules was applicable for businesses that were either based within the European Union or even those that were based outside of EU but provided services to its citizens. In order to safeguard its customers from multi-million dollars fines – fines for businesses found in breach of GDPR – Shufti aligned its verification services in line with GDPR specific guidelines.
GDPR guidelines for Identity Verification Services by Shufti
GDPR never had any specific guidelines set out for identity verification services or for third party KYC service providers. In fact, it was a generic set of instructions for any business that was collecting personal information of its customers and the privacy guidelines that these businesses have to follow.
As a third-party verification service that was verifying the identity and financial risk attached to customers of online businesses, Shufti designated a special role for itself as per the specific terminology introduced by GDPR i.e. processor of data. This made our clients collecter of personal information in order to verify the identity of incoming users.
Read: Try Shufti KYC Services Free of Cost for 7 Days Now
It meant that although, Shufti was the business entity that was tasked to verify the personal information claimed by end-user it was the responsibility of Shufti client to secure that data. On our own end, the collected information was secured from not only any brute force attack but special protocols were developed to delete the collected data, when a request was received either from Shufti client but also from an end-user as well.
KYC Verification procedure under GDPR
Shufti only collects data for verification purposes as per the legal agreement signed by Shufti and its customers. This data will be limited to verification of the credentials, identity or any other related verification that was required by our customers to be provided as per the legal agreement. We have even added a consent button at the form where a customer is supposed to fill its identification details. We also provide the option for customers to go through our data protection, privacy policy and Terms & Conditions, to ensure full transparency.
Access Rights
User can request access to the personal data he has shared with Shufti about himself. Personal data is anything identifiable, like his name and email address. If he requests access, Shufti (as the processor) need to provide a copy of the data, in most cases in machine-readable format (e.g. CSV or XLS). Daniel can also request to see and verify the lawfulness of processing. A client can seek access to their data by asking Shufti of what they require at [email protected]. We at Shufti believe to be at legal and moral obligation to facilitate any manner of an individual rights request. Shufti enables you to grant any access request by easily exporting user record into a machine-readable format.
Deletion Rights
Under the GDPR, the user has the right to request that Shufti delete all personal data it has collected from him. The GDPR is required to permanently remove userís contact from their database, including verification results, all personal information, saved images/video, form submission data, and credit card data. In a GDPR compliant manner, a client can seek to have their data deleted by querying Shufti at [email protected]. The Data protection officer at Shufti in most cases will respond back within a 30 day period. In many cases, the right to deletion is not absolute and can depend on the context of the request, so it doesnít always apply.
