“Companies panic about European privacy law” reads the headline of the article. “According to experts, companies have great difficulties complying with new European legislation on the protection of personal data.” Many European companies seem to realise that the privacy regulations not only concern a privacy policy on their websites, but particularly changes to IT systems and security.

The SCOPE KYC Cloud solution meets a large number of requirements set out in the General Data Protection Regulation 2018. The most important requirements are:

  1. Transparency
    Transparency: the person whose data are being processed must be aware of this, given permission for this, and know his rights. Transparency arises because the client has full insight into and access to the stored data.
  2. Purpose limitation
    Purpose limitation: the personal data are collected for a specific legitimate purpose and may not be used for other purposes. The SCOPE KYC has a clear purpose and data are limited based on the relevant legislation.
  3. Data limitation
    Data limitation: only the data necessary for the intended purpose may be collected.
  4. Accuracy
    Accuracy: the personal data are and must remain correct. The accuracy is guaranteed because the client can change his or her data.
  5. Storage restriction
    Storage restriction: the personal data may not be kept longer than necessary for the intended purpose.
  6. Integrity and confidentiality
    Integrity and confidentiality: personal data must be protected against unauthorised access, loss or destruction.
  7. Accountability
    Accountability: the controller must be able to demonstrate compliance with these rules.
  8. Portability
    Portability: a data subject may request the transfer of data to, for example, another asset manager
  9. Pseudonymisation
    Pseudonymisation: This is a process which replaces identifying data with encrypted data using a particular algorithm. The algorithm can always calculate the same pseudonym for a person, allowing information about the person to be combined, even if they come from different sources. Pseudonymisation is different from anonymisation, in which a person cannot be linked to data from different sources. 


A number of tasks and obligations laid down in the GDPR 2018 are adopted by SMT as manager of the SCOPE KYC Cloud database and by the Microsoft Azure Cloud Platform.

SMT has chosen for the Microsoft Azure Cloud Platform to host the SCOPE KYC solution. The Microsoft Azure Cloud Platform has committed itself to meeting certain aspects of the new GDPR 2018.

Curious about developments in this area? Sign up for the newsletter at marketing@scope.nl.