The following highlights the major GDPR-related topics of relevance and how IDMERIT is working to abide by the law to the fullest extent possible:
Consent
According to GDPR, processing of personal data can only take place if an individual has given clear consent. Consent must be given in aclear, unambiguous, and informed manner. Once this consent has been given, an individual's personal data can be stored and used for many different purposes, including identity verification. IDEMRIT has been working diligently to renegotiate contracts with its EU data providers as a result of these changes. In addition to the new contracts, we are certain that consent-based and GDPR-compliant personal data being given for our services.
Security
According to the GDPR, it is no longer acceptable to transfer personal data outside of the EU in response to a third country's legal need. The identity verification solution from IDMERIT connects to data sources in many nations via a secure API to verify Person A's identification. In order to prevent cross-border transfers of personal data from EU nations and to ensure that the data is protected, the test result is sent back to the place where the validation request was made.
Legitimate Interest
By validating that personal data has been received with consent and maintaining it in its country of origin, IDMERIT is being proactive in complying with GDPR. Moreover, they guarantee that requests are processed lawfully, such as to preserve KYC and AML compliance.
