GDPR compliant
by design

Better UX, higher security, quick implementation,
more flexibility and reduced cost

GDPR & Keyp

Keyp helps you comply with the GDPR, increase IT security, build trust with users and minimise business and financial risk exposure. At the same time, it improves conversion in registration/login processes through step-up authentication. Data security is also improved for users by reducing the need for central data storage – without loss of information for service providers. Keyp’s decentralised architecture cuts cyber security cost and closes an attack vector by storing identity attributes on users’ devices.

Data minimisation

Tokenized, verified identity attributes available at every user touch point – no need for central storage

Increase safety for user & company by reducing data volume on record

Select which user data to collect, record and/or anonymise – and make changes anytime

User consent

User consent is explicit and session-based

Wallet clearly shows the data objects to be transmitted

Optional: create multiple paths for identification, where user is allowed to decline providing
one attribute and opt for an alternative

Privacy by design

Ensure integrity of user account via multi-factor authentication (MFA) –
before any data processing takes place

Identity attributes saved on ’blind’ storage without server component

Decentral architecture & data encryption

Optional setup: make Data Privacy Officer approval mandatory before login processes are published

Cost reduction & flexibility

Reduce organizational, operational and project-related
cost and time via an architecture-agnostic solution

Minimize financial risk associated with GDPR compliance

No vendor lock-in

GDPR at its core

The General Data Protection Regulation seeks to create a harmonised data protection law framework across the European Union and aims to give citizens back the control of their personal data.

The GDPR imposes strict rules on those hosting and processing data from subjects residing in the EU. The regulation also introduces rules relating to the free movement of personal data within and outside the EU.

Following recent data breaches and other news-worthy stories, individuals are increasingly data-savvy and:

  • understand how brands use their data for sales and marketing purposes
  • are aware of their rights relating to their personal data
  • are concerned about the well-publicised threat: theft of data and digital identity

To build trust with users, you have to become increasingly transparent about how you use and protect user data. Merely complying with GDPR will not suffice.

Non-compliance with the GDPR and negligence of data security could result in hefty fines and reputational damage

The GDPR leaves much to interpretation. Companies shall provide a “reasonable” level of protection for personal data, for example. But what constitutes “reasonable” is not explicitly defined. This gives the GDPR governing body a lot of leeway when it comes to assessing fines for data breaches (e.g. loss of user data due to cyber crime) and non-compliance.

Cyber security costs predicted

In Steve Morgan’s CSO online article he states that damages caused by cyber crime are on their way to hit $6 trillion annually by 2021. This represents the greatest transfer of economic wealth in history and will become bigger than the global trade of all major illegal drugs combined.

This puts at risk the incentives for innovation and investment. Keyp is a GDPR-compliant solution for leveraging verified, secure and up-to-date identity information. It also ensures data sovereignty for users, employees, suppliers and customers: owners of their identity.

Now let us lead you through the nitty-gritty details of the GDPR and how Keyp can help you become compliant, increase cyber security and reduce associated cost.

What types of personal data does the GDPR protect?

  • Basic identity information
    such as name, address
    and ID numbers
  • Web data such as location,
    IP address, cookie data
    and RFID tags
  • Health and genetic data
  • Biometric data
  • Racial or ethnic data
  • Political opinions
  • Sexual orientation

Key drivers of the GDPR

Data Minimisation

Data Minimisation (Art. 5.1d) requires that data collected and processed should not be held or used further unless this is essential for reasons clearly stipulated in advance to support data privacy. In the GDPR, this is defined as data that is adequate, relevant and appropriate.

Keyp enables customisation of the level of anonymisation per use case.

Benefits of Data Minimisation via Keyp
Risk from data loss or theft is reduced for both user and company.
Reduce organisational cost and financial risk associated with GDPR compliance.

User Consent

With Keyp, by definition all transactions are covered by valid user consent (Art. 7).

EXPLICITNESS

By clicking ‘Confirm’ the user consents to the processing of their personal data. Proof of consent must be recorded.
(Art. 4 No. 8, Art. 7 No. 1)

VOLUNTARINESS

Multiple login paths are offered to the user, so an alternative route could be chosen. Thus, the user can be identified even if the processing of certain identity attributes is rejected.
(Recital 32)

TRANSPARENCY

Using Keyp’s digital Wallet App, a user clearly sees which data objects will be transmitted. By clicking on an attribute, all of the data to be processed is stipulated.
(Art. 7 No. 2)

Privacy by Design

APPROVAL BY DATA PRIVACY OFFICER

Before a new or altered registration/login process can go ‘live’, a Data Privacy Officer’s approval can be set as a mandatory requirement.
(Art. 32 No. 1d)

MULTI-FACTOR AUTHENTICATION ACCESS MANAGEMENT

Keyp allows you to easily integrate MFA (multi-factor authentication) before any data processing takes place. This ensures the integrity of a user account.
(Recital 32)

DECENTRALIZED ARCHITECTURE

The risk arising from loss of data is significantly reduced by minimizing and dynamically encrypting every instance of data collection. This reduces the total data volume on record.
(Art. 7 No. 2)

Optimize for privacy by design with Keyp’s architecture (Art. 25).