GDPR is not a new law, it is an update to existing data protection law, but we are already implementing some aspects as privacy and security are core to our design and principles. Protecting personal data is paramount. We are ISO 27001 compliant and our technology undergoes regular penetration testing by leading security consultancies.
Here is how Yoti puts into practice several key GDPR principles and requirements.
- Privacy by design: Yoti offers out of the box identity verification, authentication and login. It’s a single privacy by design solution that allows you to set up your identity once and then only share the relevant aspects of that identity with peers and organisations.
- Data minimisation: Yoti doesn’t store photos or copies of your ID document, it extracts the individual details so they are available to share when needed. This means you only share what’s necessary, not the entire contents of your ID document.
- Security: Yoti’s security by design stores data in our Tier 3 data centres so your data isn’t at risk if you lose your phone. Each data type (such as name, date of birth, photo) is held separately and encrypted in secure servers which means that there is no way of combining the data to build a full profile. It also means no one has any access to your details except you, as only you have the decryption key to bring your data together. As long as you set up the ‘recovery’ step, you can still recover your account and your data even if you lose your phone.
- Transparency: As you set up and use the app, we set out what information we’re asking for and why. Also, when you use Yoti to share identity details with a third party, we clearly present you with the details requested, and you choose whether to share them. Both you and the third party get a receipt showing what data was shared and when. The setup for an organisation to request details from you using Yoti allows them to provide you with their privacy information.
- Your rights: All the information in your Yoti is added by you so you can see it at any time. You can also download your identity details and the receipts provide an audit trail of what information you shared, with who, and when. You can delete your account at any time in the app settings.
- Yoti provides a quick, online, privacy friendly and secure identity verification solution without requiring the collection and storage of copies of ID and other personal documents.