The SCOPE KYC Cloud solution meets a large number of requirements set out in the General Data Protection Regulation 2018. The most important requirements are:
Transparency: the person whose data are being processed must be aware of this, given permission for this, and know his rights. Transparency arises because the client has full insight into and access to the stored data.
- Purpose limitation
Purpose limitation: the personal data are collected for a specific legitimate purpose and may not be used for other purposes. The SCOPE KYC has a clear purpose and data are limited based on the relevant legislation.
- Data limitation
Data limitation: only the data necessary for the intended purpose may be collected.
Accuracy: the personal data are and must remain correct. The accuracy is guaranteed because the client can change his or her data.
- Storage restriction
Storage restriction: the personal data may not be kept longer than necessary for the intended purpose.
- Integrity and confidentiality
Integrity and confidentiality: personal data must be protected against unauthorised access, loss or destruction.
Accountability: the controller must be able to demonstrate compliance with these rules.
Portability: a data subject may request the transfer of data to, for example, another asset manager
Pseudonymisation: This is a process which replaces identifying data with encrypted data using a particular algorithm. The algorithm can always calculate the same pseudonym for a person, allowing information about the person to be combined, even if they come from different sources. Pseudonymisation is different from anonymisation, in which a person cannot be linked to data from different sources.
A number of tasks and obligations laid down in the GDPR 2018 are adopted by SMT as manager of the SCOPE KYC Cloud database and by the Microsoft Azure Cloud Platform.
SMT has chosen for the Microsoft Azure Cloud Platform to host the SCOPE KYC solution. The Microsoft Azure Cloud Platform has committed itself to meeting certain aspects of the new GDPR 2018.
Curious about developments in this area? Sign up for the newsletter at firstname.lastname@example.org.