ShoCard Helps You Comply with GDPR

Compliance by May 25, 2018

Complying with the GDPR: Identity Management

GDPR (General Data Protection Regulation) is a European Union regulation that requires businesses to change the way they store personally identifiable information (PII) about EU individuals. The regulation covers any information related to a person, such as:

  • Name
  • Photo
  • Biometric Data
  • Medical / Genetic Data
  • Demographic Data
  • Bank info
  • Social Media Activity
  • Email
  • Location
  • Cookies
  • RFID Tags
  • IP Address

The GDPR is designed to give prospects, customers, contractors, employees, etc. more power over their data, and to give less power to the organizations that collect and use such data for monetary gain.

What Personal Data Does Your Organization Really Need?

Ask Yourself

  • Why are we saving this data?
  • What are we trying to achieve by collecting this personal information?
  • Is the financial gain from deleting this information greater than that from encrypting it?

source: Forrester’s Predictions of 2018

Risks

Companies that don’t comply are subject to regular audits and tough fines of €20 million or 4 percent of global annual revenue.

ShoCard and ShoBadge Identity Management (IM) Solutions

Our turnkey blockchain-based IM platform gives users control over their data and helps your company toward GDPR compliance by allowing you to:

  • Authenticate your users without storing their PII data
  • Reduce requests to access, erase, and correct user data
  • Obtain definitive proof of consent for permission-based user data

Who Needs to Comply?

Any company processing and holding the personal data of persons residing in the European Union, no matter where the company is located or where its data is processed. The rules apply to both controllers and processors, meaning “clouds” are not exempt.

If Your Company…

Then you can Benefit From:

Alternative Product

Customers
Prospects
Employees
Contractors

ShoCard Authentication

With ShoCard, your users’ authentication data is NOT stored in your database. Instead, it is stored completely on their mobile device, secured with their private key and shared via the blockchain. Multi-factor authentication is done completely without usernames and passwords by leveraging TouchID/PIN and true non-reusable biometrics via facial recognition on the device itself, as well as further authentication via secure private and public key verification. ShoCard’s validations on the blockchain protect a user’s privacy, because the original data can never be reverse engineered and can only be used, with the user’s permission, to independently verify the authenticity of the user. This is a significant advantage over encrypted authentication data. With user privacy at the core of ShoCard’s value proposition, ShoCard solutions meet “Privacy by Design” standards.

Furthermore, the individual rights granted by the GDPR require companies to respond to an individual’s request to access, correct, and erase their data. If your company can manage authentication without storing personal data, then you reduce the friction of compliance by significantly reducing user requests to access, erase, and correct their data. If you don’t have the data, there’s nothing to access, erase, or correct.

Why Encryption is Not Enough

Hashed Self-Certification Goes on the Blockchain

* Data is not stored in a vulnerable database.
** The digital signature is hashed data on the blockchain that CANNOT be reverse engineered into PII.

ShoCard’s Permission-based Information Access

The GDPR gives EU subjects the right to withdraw consent at any time, which presumes an individual’s consent is required for specific actions. Providing opt-out options or disclaimers is no longer enough. Organizations will have to prove that consent was given. Any data held must have an audit trail. ShoCard solutions facilitate permission-based access to information by giving users control over the sharing of their data, leaving an audit trail of consent on the blockchain. The user signs requests for PII* data with their private key, and that signature is verified on the blockchain, giving definitive proof of consent. The user can remove that consent at any time they desire, satisfying the GDPR’s right to erasure.

*PII data can include not only name, email, and address, but also bank account, credit card, college degrees, or any other user-related data the user chooses to share.
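The hashed self-certification and signed-consent flow described above can be sketched as follows. This is an added example, not ShoCard's code or protocol: the choice of SHA-256 with a per-field random salt, Ed25519 signatures, the `Record` layout, the request string format and all function names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Record is the ledger entry (hypothetical layout): salted hash, key and signature, no PII.
type Record struct {
	Commit  [32]byte
	PubKey  ed25519.PublicKey
	SelfSig []byte // holder's signature over Commit
}

// NewKey creates the holder's device key (nil selects crypto/rand).
func NewKey() ed25519.PrivateKey {
	_, priv, _ := ed25519.GenerateKey(nil)
	return priv
}

// commit hashes salt||value; the random salt blocks guessing of low-entropy PII.
func commit(salt, value []byte) [32]byte {
	return sha256.Sum256(append(append([]byte{}, salt...), value...))
}

// Certify runs on the device and returns the record to publish.
func Certify(priv ed25519.PrivateKey, salt, value []byte) Record {
	c := commit(salt, value)
	return Record{Commit: c, PubKey: priv.Public().(ed25519.PublicKey), SelfSig: ed25519.Sign(priv, c[:])}
}

// Consent signs one specific disclosure request.
func Consent(priv ed25519.PrivateKey, request string) []byte { return ed25519.Sign(priv, []byte(request)) }

// Verify: disclosed value matches the commitment, record is self-signed, consent covers request.
func Verify(r Record, salt, value []byte, request string, consentSig []byte) bool {
	c := commit(salt, value)
	return c == r.Commit && ed25519.Verify(r.PubKey, r.Commit[:], r.SelfSig) &&
		ed25519.Verify(r.PubKey, []byte(request), consentSig)
}

func main() {
	priv, salt := NewKey(), make([]byte, 16)
	rand.Read(salt)
	rec := Certify(priv, salt, []byte("alice@example.com")) // constructed sample value
	req := "acme-corp|email|nonce-0001"                     // constructed request string
	fmt.Println(Verify(rec, salt, []byte("alice@example.com"), req, Consent(priv, req)))
}
```

The relying party keeps only the record and the consent signature; the salt and the value stay on the holder's device and are disclosed per request.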

Third Party Certifies Users on the Blockchain

Your Company Verifies Users on the Blockchain

Build Customer Trust and Loyalty

Blockchain technology makes it inevitable that users will eventually gain back control of their data. Companies that show they value their users’ privacy, and that provide ways for users to protect their data before the momentum of the blockchain (or legal compliance) requires it, have the opportunity to build trust and create more loyal customers.

ShoCard is a turnkey solution that handles the blockchain certifications and verifications, so you don’t have to.

Copyright © 2018 ShoCard
