GDPR & PSD2

Compliance

Businesses should handle their customers' private information with care.

By adopting the General Data Protection Regulation (GDPR) and the Second Revised Payment Services Directive (PSD2), the European Union initiated a more serious regulatory approach to data privacy and security. In this new view, how personally identifiable information (PII) is stored is one of the most important questions for businesses and organizations.

GDPR is designed to protect EU citizens, but its reach extends far beyond Europe, since it affects any business dealing with the private data of EU citizens, regardless of size and location. It defines organizations' obligations and also defines citizens' rights in the digital landscape, which must be upheld.

PSD2, on the other hand, is a directive aimed at eliminating the banks' monopoly over customers' account and payment information and services. Its goal is to give customers more control over their finances through an obligation for banks to open their APIs across the financial sector and allow third-party providers to provide additional account and payment services.

Blinking helps institutions meet regulatory requirements.

We developed Blinking with respect for the privacy and security of individuals' personal information. From the beginning we had these regulatory concerns in mind and developed many of the functions and components of our system in order to provide technical compliance. All personal and private information is owned and controlled by the customer.

Using Blinking, businesses comply with GDPR because they respect the essential rights of their customers. Our DIMS gives customers the right to access their digital identity and all the private data they have provided. It provides data portability because the digital identity is not tied to a particular device. The internal logs of AUTH and KYC provide the right to be informed, since customers always know who processes their personal information, when, and for what purpose.

Our consent mechanism component provides customers with the right to rectification (correcting inaccurate information), the right to restriction of data processing and the right to erasure (case-dependent). They can provide or revoke access, and change or delete their private data.

We address PSD2's key obligation of enabling verified and secure customer authentication with our core components.

Data security is our primary approach.

Blinking allows for the creation of verified digital identities and storing of different kinds of private data like personal user information, biometric data, financial and medical records as well as different data structures and documents.

We use private blockchain technology to enable many of our system's functions, but the data we collect about customers is never stored on the ledger in either business model. We never have access to it.

We store data in a distributed database system that can be accessed from smart contracts, and the ledger holds only signatures of the data to ensure that no tampering is done off chain.

All personal data is stored in secure distributed data storage. All data is encrypted at all times using a built-in network encryption mechanism. Data is signed and the signature is stored in the ledger. Every decryption needs to be authorized by the network after checking the identity of the request issuer. The algorithm for key management is protected and run in a secure environment. Upon each decryption of the data, signatures are compared to ensure no tampering of data occurred. After data is used, a new set of keys is generated and the data is re-encrypted in order to prevent any data breach that might have occurred by compromising the previous set of keys. The entire process of data management and authorization over the network is part of our patent.
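
The pattern described above (data off chain, only its signature on the ledger, a signature comparison on every read, fresh keys after use) can be sketched as follows. This is an added example, not Blinking's code. Assumptions: the Ledger and OffChainStore classes are hypothetical, HMAC-SHA256 stands in for the unspecified signature scheme, and the stored blob is treated as already-encrypted bytes, so only the signing key is rotated here.

```python
import hashlib
import hmac
import secrets


class Ledger:
    """Append-only list standing in for the private ledger (assumption)."""

    def __init__(self):
        self.entries = []  # (record_id, signature) pairs only, never data

    def append(self, record_id, signature):
        self.entries.append((record_id, signature))

    def latest(self, record_id):
        for rid, sig in reversed(self.entries):
            if rid == record_id:
                return sig
        raise KeyError(record_id)


class OffChainStore:
    """Holds opaque ciphertext off chain and anchors a signature per record."""

    def __init__(self, ledger):
        self.ledger = ledger
        self.blobs = {}  # record_id -> ciphertext bytes
        self.keys = {}   # record_id -> current signing key

    def _sign(self, key, record_id, blob):
        # HMAC-SHA256 is a stand-in: the page does not name its scheme.
        # The record id is bound in so blobs cannot be swapped between records.
        msg = record_id.encode() + b"\x00" + blob
        return hmac.new(key, msg, hashlib.sha256).digest()

    def put(self, record_id, blob):
        key = secrets.token_bytes(32)  # fresh key on every write
        self.keys[record_id] = key
        self.blobs[record_id] = blob
        self.ledger.append(record_id, self._sign(key, record_id, blob))

    def get(self, record_id):
        blob = self.blobs[record_id]
        actual = self._sign(self.keys[record_id], record_id, blob)
        if not hmac.compare_digest(self.ledger.latest(record_id), actual):
            raise ValueError("off-chain record does not match ledger signature")
        self.put(record_id, blob)  # rotate the key and re-anchor after use
        return blob
```

A read of a record that was modified in the off-chain store raises ValueError before any data is returned, and the ledger never receives anything but the 32-byte signatures.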