The Key Elements of the GDPR

Melissa IN Team | GDPR

GDPR Elements
Twenty years ago, when a customer bought a new pair of shoes, the only information given to the vendor was his or her shoe size. Today, most people shop online. Now, when a pair of shoes is bought online, the seller gets access to the customer’s name, address, phone number, email address, and credit card number in addition to their shoe size. That’s a lot of data.

As the amount of information about customers held by a firm increases, so does the organization’s responsibility for its ethical use. The General Data Protection Regulation (GDPR) is a set of regulations designed to protect personal data from misuse.

Key Elements of GDPR

The GDPR aims at protecting people’s fundamental rights with respect to their personal information. It is applicable to personal data that is processed completely or in part by automated means or data that is part of a filing system. These regulations are described in the form of 99 articles. The key elements of these articles are:


Consent

Under the new legislation, brands cannot collect or use personal information unless the customer consents to it. Organizations will need to be able to show how and when they obtained this consent.

Right to be informed

When organizations collect data, they must inform consumers about why they are collecting this data, how it will be used and for how long it will be stored. Consumers also need to be informed of whether or not the information they provide will be shared internationally.

Right of access
Individuals have the right to ask for information on how the data provided by them are being used and processed by the organization. This information must be provided free of charge within one month of a request being made. However, a fee may be charged if the request is repetitive or unfounded.

Right to rectification

A customer’s information held by a company may be inaccurate. In such cases, the customer has the right to ask the company to correct the data. These changes must be made as soon as possible.

Right to erasure

Customers can withdraw consent by closing their accounts and requesting that organizations stop using their personal data. Businesses and organizations will have one month from the time an account is closed to erase all private data associated with the account. Exceptions may be made when the data is being used to serve public interests.

Right to restrict processing

If a consumer believes that data about them has been procured unlawfully or if the data is inaccurate, they have the right to block its usage. The organizations holding this data will have to verify the data and inform the individual of the same.

Right to object

Under GDPR, if individuals ask whether their personal data is being used to benefit public interests or for any other reasons, organizations are under obligation to give reasons for the same. Individuals may also restrict the processing of their data for activities such as direct marketing.

Controller and Processor

GDPR defines a controller as the principal entity responsible for obtaining and managing consent with respect to the collection and storage of an individual’s data. The authority or person who processes this data is known as the processor. The controller and processor must maintain detailed records of the data held by them. GDPR also lays down clauses on how the relationship between these two entities must be constructed.

Data Protection Officer (DPO)

Organizations that collect data from their customers must have a DPO. The DPO will act as an advisor to the processor and controller, monitor GDPR compliance and train staff on how the data gathered from customers must be processed to be compliant with GDPR norms.

Notification of a data breach

Despite a company’s best efforts, a security breach may still occur. If this leads to the unlawful or accidental destruction, alteration or loss of personal data, the company must inform the appropriate supervisory authority of the same within 72 hours. Similarly, appropriate authorities must be informed if personal data is accessed or transmitted through unauthorized means.

If a company collects and stores personal data but does not comply with the GDPR, it may face stiff fines and penalties. Thus, unless a brand wants to be in the news for the wrong reasons, compliance with GDPR is necessary. GDPR marks a shift in rights over individual data and hands power back to customers. That said, it is interesting to note that people aren’t uncomfortable with sharing their personal data with trustworthy brands. Compliance with GDPR can, in fact, enhance their buying experience and thus lead to longer-lasting relationships.

Your Deduplication Processes May be Leaving You at Risk for GDPR Fines

Melissa Team | Article, Data Audit, Data Matching, Data Quality, Duplicate Elimination, Fuzzy Matching, GDPR, Global Business, Global Data Quality, Identity Resolution

Once-trusted fuzzy matching algorithms may be leaving your organization vulnerable to hefty GDPR fines. The balancing act of false-positives and false-negatives in single customer view (SCV) systems used to favor the false-negative side, with near negligible error results. However, the standard of that balancing act has now been redefined by the GDPR regulations. Find out how GDPR has moved the “match” goalposts, how to test your SCV platform, and what you need to do to keep your organization GDPR compliant.

New Report Examines Dueling Priorities in Banking: Identity Verification and Customer Experience

Author | Customer Identities, Data Quality, Digital Identity Verification, eIDV, GDPR, Global Data Quality, Global ID Verification, Identity Resolution, News & Events, Press Release

Aite Group Assessment Highlights Melissa’s Approach to Verify Identity at Onboarding, Complementing Industry Mandate for Easy, Frictionless Banking

Rancho Santa Margarita, CALIF – February 27, 2019 – Melissa, a leading provider of global contact data quality and identity verification solutions, today announced availability of “Identity Verification: Successful Strategies to Minimize False Positives and Risk,” a new report commissioned by Melissa and produced by Aite Group. The paper explores the challenge of verifying identity without intruding on the customer experience, and the operational impact of false positives. Further, it addresses the need for next-generation solutions to help with identity verification (IDV) and presents Melissa’s approach to tackling these problems.

To better understand application fraud trends for both demand deposit accounts (DDAs) and credit cards, Aite surveyed executives from financial institutions (FIs) about their practices, perceptions and strategies, as well as 32 financial crime executives about pain points and planned technology spend. Given the size and structure of the research samples, the data provide a directional indication of conditions in the market.

Over 13 billion data records have been stolen or lost since 2013. Eighty-seven percent of those financial crime executives surveyed believe data breaches or phishing attacks are responsible for the bulk of digital channel fraud. Application fraud due to identity theft and synthetic identity fraud also play a substantial role. According to Aite, the combined impact of these attack schemes will cause more than US$2.7 billion in US credit card and DDA fraud losses through 2020.

“At the same time that the data breach threat rises, so do pressures on businesses to reduce or even eliminate friction from the customer experience,” said Julie Conroy, research director, Aite Group. “Today’s anytime, anywhere, 24/7 mindset has fueled consumer expectations for simplified yet elegant interactions with the brands with which they conduct business. The importance of ongoing investment in new technology cannot be understated. Data is the new currency and creating intelligence from data at scale can give firms a competitive edge.”

To address the dual challenges of reducing customer friction and mitigating fraud risk, FIs can leverage Melissa’s ID Verification technology, which uses a multilayered process to access authoritative in-country data sets from all over the world containing billions of records to instantly validate an identity. The proofing process also includes national ID and age verification, and flags suspicious individuals who appear on any of dozens of Office of Foreign Assets Control and European Union watchlists to minimize risk and enable smarter decisions on next steps.

“When data quality is not part of the onboarding solution, the match between incoming identities and the repository relies on exact matching – an ineffective, error-prone practice that can result in myriad issues around KYC, or know-your-customer, and other regulations,” said Bud Walker, vice president enterprise sales and strategy, Melissa. “Melissa’s IDV solution works side-by-side with existing banking software platforms to increase match accuracy and reduce false positives, while ensuring the incoming data is valid and confirms the customer’s identity – effectively enabling new synergies between identity verification and positive customer experience.”