Argos KYC GDPR Compliance
What is GDPR (General Data Protection Regulation)?
- The General Data Protection Regulation is a law on data protection and privacy in the European Union and the European Economic Area, which came into effect on May 25, 2018. The GDPR strengthens the rights of Data Subject and corporate responsibility and specifies the requirements for data transfer to non-EU regions.
Who is subject to the GDPR?
- GDPR is the joint responsibility of all entities that handle personal information and is defined as follows:
- Argos KYC’s client company acts as a Data Controller when processing personal information of EU Data Subject.
- Argos KYC acts as a Data Processor, processing KYC data submitted by each Data Subject.
- Argos KYC utilizes Amazon Web Services and Naver Cloud as Subprocessors.
How does Argos comply with the GDPR?
- As a Data Processor, Argos KYC comply with the GDPR in the following ways:
- Encryption (Article 32) – All stored personal information is safely encrypted.
- Restricted access – Access to all information Argos processes is restricted.
- Only authorized personnel have access to the database and granular control over access privileges for each dataset.
- Subprocessors can only be accessed from validated IP addresses and devices .
- Compliance with international standards – Argos is ISO 27001 (Information Security Management System: ISMS) certified.
- Data Protection Officer
- Director: Lee Jae-joon
- Department: Private information protection
- Data usage restriction – Personal data collected for Controller’s specified purpose, are not processed further in a manner incompatible with the purpose.
- Rights of Data Subject – Any data subject has the right to contact Argos (firstname.lastname@example.org) and request that the data relating to him or her be rectified or erased. Argos notifies the data subject without undue delay after rectifying or erasing data as requested. Regardless of their nationality, all data subjects shall have the same right to their personal data.
- Notification of a personal data breach to the supervisory authority (GDPR Article 33.2) – Argos must notify the controller without undue delay after becoming aware of a personal data breach.
Controller’s responsibilities to comply with the GDPR
- Argos recommends our clients, the Controller, to inform the Data Subject of the following:
- Argos(Processor) utilizes Amazon Web Services and Naver Cloud as the Subprocessors in its delivery of its services.
- It is highly recommended to obtain ‘explicit consent’ from the Data Subject for the processing of his/her personal data. Argos provides technical support to obtain ‘explicit consent’ from the Data Subject.