Compliance
Many initiatives worldwide have dedicated significant effort to updating legislation and regulation over the operation of the personal data economy and the processing of our personal and professional identity data (PPID) – regulation has had to catch-up with our fast paced technology advances. What has also drawn the attention of regulators is the inequities that have emerged which serve to undermine the great benefits of our connected world – lack of transparency. The large-scale processing of PPID flows to a few of the largest most powerful servers who dominate the personal data economy. The regulations aim to restore a balance so that the needs and rights of Identity Controllers, Identity Processors and Identity Owners are all served without detriment to any of the parties.
The following are some examples (not an exhaustive list) that shape a well-defined solution domain and they share common principles that bring unprecedented transparency to Identity Owners where, for example, associated PPID no longer persists indefinitely. All kinds of organisations, as Identity Controllers or Identity Processors, are accountable for the lawful processing of our PPID:
- Canada Privacy Act legislation and regulations (see here)
- Australia Privacy Regulation 2013 (see here)
- South Africa Protection of Personal Information Act 2013 (POPIA) (further reading…)
- EU Electronic Identification, Authentication and Trust Services (eIDAS) 2014 (further reading…)
- USA California Consumer Privacy Act of 2018 (further reading…)
This new era of compliance (Regulatory Technology – RegTech ) offers the opportunity for standardisation of the processing of our PPID and e-ntitle.® is so designed as data protection by design and by default in the lifecycle management our PPID.
e-ntitle.® implements the requirements of data protection regulation and legislation for Identity Controllers, Identity Processors and Identity Owners alike.