ShoCard meets EU’s GDPR ‘Privacy by Design’ standards

ShoCard, a blockchain-based identity management system (IMS), has met the ‘Privacy by Design’ standards of GDPR, the European Union’s (EU) new regulatory framework for data.

Based in California, ShoCard is a mobile-identity platform built using blockchain technology, providing a ‘simple and intuitive mobile application’ for authentication while protecting users’ privacy. It allows for a variety of use cases, such as repeat authentication, true digital signatures with a non-perishable audit trail, transaction authorization to prevent fraud, and frictionless login services without usernames or passwords.

The company claims to remove the necessity for authentication data to be stored on organisation databases. Instead, it is stored completely on the user’s mobile device, secured with their private key and shared via the blockchain.

“The problem with merely encrypting data is that it’s not secure enough to be a full solution to GDPR and data privacy requirements. If the key to the encrypted data is ever found, then it can be accessed by hackers,” said Armin Ebrahimi, CEO and founder of ShoCard. “IMSs using blockchain technology, like ShoCard’s solutions, remove the need to store PII at all, which circumvents the necessity of large, vulnerable databases and meets GDPR requirements.”

Companies that collect data on citizens in European Union (EU) countries, whether they are located in the EU or not, are expected to have GDPR-compliant solutions in place ahead of the legislation’s enforcement date of May 25, 2018. The legislation carries provisions that require businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states.

ShoCard’s platform reduces requests to access, erase and correct user data, as the data is not stored on company databases. Organisations also obtain definitive proof of consent for permission-based user data. Its solutions facilitate permission-based access of information by giving users control of the sharing of their data, leaving an audit trail of consent on the blockchain. The user can remove that consent at any time, satisfying the GDPR’s right to erasure.

In the financial services space, the company claims to enable an institution to qualify an individual for a particular qualification (e.g., credit score > 700). The user is then given the credit score, which is saved locally on their phone. The individual’s certification is hashed, digitally signed with the bank’s private key and placed onto the blockchain, so that the customer can then pass that certification to any other associated institution.

Last year, the company raised $4m in new funding from a range of investors, taking its total venture funding to $5.5m.

The round was co-led by AME Cloud Ventures and Morado Venture Partners, two of the company’s existing stakeholders. Storm Ventures, Danhua Capital and Correlation Ventures, as well as Recruit Strategic Partners and investor Robert Tinker, also participated in the round.

Copyright © 2018 RegTech Analyst
