How many of you have been receiving a plethora of emails from sites you are signed up to espousing Privacy Laws? They cheerfully proclaim better communication and protection over your data and how it will be used. This sudden influx of emails is attributed to the General Data Protection Regulation in the EU that comes into effect May 28th, 2018.
The GDPR is designed to protect its citizens fundamental rights to privacy and their personal data that can identify the individual. This would include their name, address, email address, location data and even their computer IP address. Statistics from the European Commission (https://ec.europa.eu/justice/smedataprotect/index_en.htm) show that trust has been a major issue for individuals and that:-
‘only 15% of people felt they had control over their information online'
This enhanced GDPR provides a fairer playing field for businesses as now there is only one set of data protection rules that apply to all.
If data processing is a regular occurrence for a business, if data is a threat to people’s rights and freedoms or if sensitive material such as religious beliefs, racial or ethnic origin, sexual orientation, trade union membership, or health or criminal records is dealt with, a company must comply by providing extra security set forth in the EU regulations, irrespective of size.
If not, regulators will have the capacity to fine any company in breach.
Any request for information must undergo the WHO (you are and who receives it) WHY (do you want it) and HOW (long it will be stored). Not only must consent be given for information, but people must be able to access their data in case they wish to provide it to another company but also have the ability to have the data erased, if they desire.
Under the GDPR regulations the controller of the data and the processor of the data must abide equally to a standard that has been set and a third party cannot be involved without the consenting parties agreeing, legally.
Data breaches have been a big issue in the past where companies have not disclosed to their clients. In some cases, unless there has been discovery by another party, or a period of time such as, days, weeks or months and the situation has been rectified, users are unaware of the breach due to lack of action.
It will now be more difficult for large data companies not to
know what data it has, where it’s held, and what it’s doing with it.
With this recent expansion of the General Data Protection Regulation (GDPR) ICOs and crypto-related businesses are feeling the squeeze. A number of large platforms out there are NOT compliant and will not be able to serve one of the worlds largest markets, the European Union.
Every ICO wants to ensure they are compliant and thus the Know Your Customer (KYC) process has been implemented to leverage trust, but is this enough?
Bridge Protocol is eliminating much of the security risk for businesses as they do not compromise sensitive datahold like DOB, passport number or driver license number, a requirement of the GDPR privacy requirements.
A tiered verification system ensures that only those that are able to interact with their tier of verification can gain access to information. Multiple KYC providers with the best technology and algorithms to check multiple facets of information, verifying an identity, will be part of the Bridge Protocol marketplace.
In an effort to streamline business processes, users will simply be able to use their Bridge ID anywhere that accepts it and not have to repeat a verification process every time they engage with a business.
Bridge is also giving the user control of what information they share using their unique ‘Bring Your Own Key’ solution. This provides the user with anonymity thereby meeting the standards set by the GDPR for its citizens. An exciting future development is also the digitising of legal agreements to simplify the business process.
How does Bridge Protocol stack up against their competition for compliance? Currently Bridge Protocol is the only Identity Verification service focused on ICO’s and business requirements for legal services, regulatory compliance and streamlining the KYC process.
There is some overlap and similarities between service providers however Bridge Protocol has been built with government regulation in mind, creating a safe and secure marketplace for crypto related businesses. They are positioned to be the enterprise level business solution and ‘standard’.
There are some marked differences between Bridge Protocol and their competitors namely:
Civic for example, is focused on creating a seamless link between the identified validation provider and requesting service providers. It requires the user to store information on its app which is protected with encryption and biometrics and operates on a platform that is not as optimized as NEO framework for identity management. As a mitigation measure they offer Identity Theft Protection, monitoring and insurance.
Pikchiochain through their app service and proprietary software uses, the PikcioMe wallet on a mobile. The users device acts as the server that stores information and interacts with the network. Though they are focused on alleviating the business risk associated with storing customer information the steps they have taken is to revert the risk, by placing control of that data with the customer. Unfortunately this creates issues if the mobile device is stolen or hacked and if the data resides on the network how does that meet the regulatory framework land protocols of data protection set forth by the EU?
Whether businesses like it or not those engaging with people online must now abide by the General Data Protection Regulation in the EU. Bridge Protocol is doing that by working within the regulation to assist businesses in the crypto ecosystem.
By fostering transparent information handling practices and business accountability around data handling, users will regain the trust of businesses. This trust will see additional benefits across the board for all.