ARGOS Identity GDPR Compliance

What is GDPR (General Data Protection Regulation)?

The General Data Protection Regulation is a law on data protection and privacy in the European Union and the European Economic Area, which came into effect on May 25, 2018. The GDPR strengthens the rights of Data Subject and corporate responsibility and specifies the requirements for data transfer to non-EU regions.

Who is subject to the GDPR?

GDPR is the joint responsibility of all entities that handle personal information and is defined as follows :

  1. ARGOS Identity’s client company acts as a Data Controller when processing personal information of EU Data Subject.
  2. ARGOS Identity acts as a Data Processor, processing KYC data submitted by each Data Subject.
  3. ARGOS Identity utilizes 3rd party as subprocessors such as Amazon web service.

How does ARGOS Identity comply with the GDPR?

As a Data Processor, ARGOS Identity complies with the GDPR in the following ways :

  1. Encryption (Article 32): All stored personal information is safely encrypted.

  2. Restricted access: Access to all information ARGOS processes is restricted.

  3. Compliance with international standards:

    ARGOS is ISO 27001 (Information Security Management System: ISMS) certified.

  4. Data Protection Officer

  5. Data usage restriction : Personal data collected for Controller’s specified purpose, are not processed further in a manner incompatible with the purpose.

  6. Rights of Data Subject : Any data subject has the right to contact ARGOS([email protected]) and request that the data relating to him or her be rectified or erased. ARGOS notifies the data subject without undue delay after rectifying or erasing data as requested. Regardless of their nationality, all data subjects shall have the same right to their personal data.

  7. Notification of a personal data breach to the supervisory authority (GDPR Article 33.2) : ARGOS must notify the controller without delay after becoming aware of a personal data breach.