AgeChecked – The General Data Protection Regulation

The GDPR is a new data protection framework which comes into effect for all businesses operating within the EU from 25th May 2018

AgeChecked and the GDPR

The GDPR was created to better protect EU citizens’ personal data by providing a standardised regulatory framework across all the member countries. The goal of the regulation is to give consumers more clarity on where their data is held, how long it is held, and for what purposes it is being used.

25th May 2018 was the enforcement date of the regulation. Organisations in non-compliance may face serious penalties. It is extremely important that data processes within your organisation are GDPR compliant and that all organisations that process your client data on your behalf understand and fulfil their obligations to the GDPR.

AgeChecked processes EU residents’ personal data and is therefore subject to the GDPR framework.

The GDPR Data Protection Principles:

There are 6 key GDPR principles. AgeChecked follows each of them rigorously when collecting and processing personal data.

Lawfulness, fairness and transparency:

  • Our terms and conditions clearly state how personal data is processed and these are made available to all our account holders.
  • We require website operators who use our services, to clearly communicate to their customers the age checking processes they ask us to carry out.

Integrity and Confidentiality:

  • AgeChecked employs the highest industry security standards to ensure data is processed in a manner which ensures the protection of all personal data.
  • AgeChecked operates a privacy-by-design principle. All processes are optimised to reduce the risk of accidental loss, destruction or damage.
  • Wherever possible, anonymous verification methods are used for age checks, rather than processes requiring the transmission of personal details.
  • Age verification is anonymised to maintain confidentiality: all personal data is removed from the system once verification is complete.

Data Minimisation:

  • A user’s personal data will only be processed if it is part of an age check.

Accuracy:

  • AgeChecked does not hold personal data sets. Third party data sets are sometimes used to confirm an individual’s age.
  • AgeChecked works only with GDPR compliant data providers who can demonstrate the accuracy of their data, including processes whereby individuals can request that data is rectified or erased if it is found to be inaccurate or incomplete.
  • AgeChecked account holders with reason to believe that their age verified account has been set up using incorrect data, can close their account at any time.

Storage Limitation:

  • AgeChecked does not store personal information.
  • Personal information which has been processed as part of age verification is not retained once the process is complete.

Purpose Limitation:

  • We do not share personal data with third parties, except for the purpose of age checking.
  • We only process data for age checking purposes and for the routine management of employees.
Keeping up-to-date with the GDPR

The GDPR will be a concern to most if not all of our business partners, especially around this time. For this reason we will be regularly posting GDPR relevant posts on our blog and posting links that we find informative and useful.

Take a moment to read our blog and subscribe to our twitter feed, where we regularly post GDPR related news.

Here are some useful links on GDPR:

  • ICO’s overview of the General Data Protection Regulation
  • A guide to preparing for the General Data Protection Regulation, including twelve steps to take now
  • ICO’s GDPR blog
Open Identity EXChange
PCI Security Standards
The Lotteries Council
PIF
Digital Policy Alliance
Top