SocialScore GDPR compliance
The European Union’s General Data Protection Regulation (GDPR) is a regulation that applies to companies, non-profit organizations, and public entities worldwide to strengthen data protection for all individuals within the EU. This regulation is essential for companies as it enforces strict rules for data collection and processing, and violation of these rules can result in heavy fines.
For businesses that use data analytics tools like SocialScore, ensuring GDPR compliance is a must. Failure to comply with GDPR regulations can lead to serious consequences, including hefty fines of up to 4% of the company’s yearly revenue or €20 million, whichever is greater. In this article, we will discuss how SocialScore Analytics is GDPR-compliant and can help businesses meet these regulations.
Data Anonymization: Data anonymization is a critical aspect of GDPR compliance. SocialScore Analytics ensures that sensitive data is anonymized. This is crucial as it protects the privacy of individuals and ensures compliance with GDPR regulations.
DPO Manager: SocialScore Analytics provides a GDPR manager, which is a tool designed to help businesses manage their GDPR compliance. This tool enables businesses to keep track of their data processing activities, identify any risks or vulnerabilities in their systems, and take corrective actions if necessary.
Users Can Opt-Out of All Tracking: GDPR compliance requires businesses to provide individuals with the ability to opt out of all tracking activities. After verifying their profile, users can opt out of SocialScore Analytics tracking at any time, ensuring GDPR compliance.
First-Party Cookies by Default: SocialScore Analytics uses first-party cookies by default, which is essential for GDPR compliance. First-party cookies ensure that data is collected and processed with the user’s consent and is only used for the specific purpose for which it was collected.
People Can View the Data Collected: One of the requirements of GDPR is that individuals have the right to access their personal data. After verifying their profile, users can view the data SocialScore Analytics has collected, ensuring compliance with GDPR regulations.
Capabilities to Delete Visitor Data When Requested: GDPR regulations also require businesses to provide individuals with the ability to delete their data. SocialScore Analytics provides users with the ability to delete their data, ensuring compliance with GDPR regulations.
The Data Is Not Used for Any Other Purposes: Unlike other analytics tools like Google Analytics, SocialScore Analytics does not use data for any purpose other than the specific purpose for which it was collected. This ensures GDPR compliance as it protects the privacy of individuals and ensures that data is not misused.
Contacts & IP Anonymization: SocialScore Analytics ensures that all contact information and IP addresses are anonymized, ensuring GDPR compliance and protecting the privacy of individuals.
Visitor Logs and Profiles Can Be Disabled: GDPR regulations require businesses to provide individuals with the ability to disable visitor logs and profiles. SocialScore Analytics provides users with the ability to disable these features, ensuring compliance with GDPR regulations.
We are an OSINT SaaS:
What Constitutes Open Source Data?
Open source data encompasses a wide range of information that is available to the public or can be obtained through specific requests. It includes various sources such as:
- News and Media: Newspaper and magazine articles, media reports, and other published content provide valuable insights into current events, industry trends, and public sentiment.
- Academic and Research Papers: Published academic papers and research studies contribute to the knowledge base in numerous fields, offering in-depth analysis and findings.
- Reference Materials: Books, encyclopedias, and other reference materials serve as valuable sources of information, providing historical context and expert perspectives.
- Social Media Activity: Social media platforms have become a treasure trove of data, offering a wealth of personal information, opinions, preferences, and social connections.
- Census Data: Demographic data collected through census surveys provides a comprehensive understanding of population characteristics, including age, gender, ethnicity, and more.
- Legal Records: Court filings, arrest records, and other legal documents shed light on individuals’ backgrounds, legal actions, and potential risks.
- Financial Data: Publicly available trading data, surveys, and financial reports offer insights into market trends, investment patterns, and economic indicators.
- Cybersecurity Data: Breach and compromise disclosure information, cyberattack indicators, vulnerability data, and domain registration data contribute to the identification and mitigation of cybersecurity risks.
The Depth of Open-Source Data
One key aspect of open-source data is the abundance of secondary information that can be derived from each source. For instance, social media accounts not only reveal personal details such as names, birthdates, and family connections but also provide metadata linked to individual posts. This metadata can expose the location of the post, the device used, and even the author’s identity. Such detailed information enhances the depth and richness of the insights derived from open-source data.
In summary, GDPR compliance is essential for businesses that use data analytics tools like SocialScore. SocialScore Analytics is designed to ensure compliance with GDPR regulations, including data anonymization, GDPR manager, opt-out tracking, first-party cookies, data access, data deletion, and data protection. By using SocialScore Analytics, businesses can ensure they are GDPR compliant, avoid heavy fines, and protect the privacy of their customers.
The General Data Protection Regulation (GDPR) is a law and data protection regulation that sets out the rules for data processing in the European Union. The regulation is designed to strengthen privacy and data protection for individuals within the European Union. The GDPR builds on previous EU privacy measures, such as PSD2 compliance, but is a lot more stringent in a number of ways.
One of the most significant aspects of the GDPR is its stronger emphasis on user consent. Companies will need explicit consent from users for their data to be collected. This means that companies will have to completely revamp their Terms of Service and the way users interact with their websites. Another key aspect is transparency over collected data. Users must be able to download all the data a company has gathered on them. This feature has already been rolled out by a number of companies such as Facebook or Google.
The GDPR came into full effect on the 25th of May 2018, and companies that collect data from European Union citizens are required to comply with its provisions.
The GDPR defines personal data as any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
One of the most contentious points of the GDPR is the idea that one legal basis for processing data is that of legitimate interest. This means that a legitimate interest could exist, for example, where there is a relevant and appropriate relationship between the data subject and the controller in situations such as where the data subject is a client or in the service of the controller. However, this is subject to the overriding interests or fundamental rights and freedoms of the data subject.
The GDPR will impact the fraud industry by requiring fraud detection and Risk Ops to ensure that data collection is relevant and justifiably so. Companies will need to update their Terms of Service, and data retention must comply with the “right to be forgotten”. The data cannot be kept indefinitely, and organizations must ensure that information not directly related to fraud is not kept for longer than necessary.
At SocialScore, we have been fully aware of the GDPR and other regulations such as PSD2 since their inception. We have ensured that our entire solution was designed around compliance to this new regulation. Our company complies with the GDPR by ensuring that data is collected in a way that is relevant and justifiable, by updating our Terms of Service, and by ensuring data retention complies with the “right to be forgotten”. We employ best practices to guarantee breach prevention as well.
Why the GDPR exists:
“The processing of personal data should be designed to serve mankind” – Recital 4
“The scale of the collection and sharing of personal data has increased significantly. Technology allows both private companies and public authorities to make use of personal data on an unprecedented scale in order to pursue their activities.” – Recital 6
“Natural persons should have control of their own personal data.” – Recital 7
How the GDPR defines personal data:
“Any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” – Article 4 (1)
What are considered online identifiers:
“Natural persons may be associated with online identifiers provided by their devices, applications, tools, and protocols, such as internet protocol addresses, cookie identifiers, or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.” – Recital 30
One important concept in the GDPR is that of user consent. It is defined as follows:
“Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to her” – Article 4 (11)
Finally, one of the most contentious points of the GDPR is the idea that one legal basis for processing data is that of legitimate interest. This is how we get a better idea of what it means:
“legitimate interest could exist for example where there is a relevant and appropriate relationship between the data subject and the controller in situations such as where the data subject is a client or in the service of the controller.” – Recital 47
“The processing of personal data strictly necessary for the purposes of preventing fraud also constitutes a legitimate interest of the data controller concerned. The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.” – Recital 47
However, there are a few caveats:
“provided that the interests or the fundamental rights and freedoms of the data subject are not overriding”; “a data subject can reasonably expect at the time and in the context of the collection of the personal data that processing for that purpose may take place” – Recital 47
How Will the GDPR Impact the Fraud Industry?
Fraud detection and Risk Ops cannot exist without user data. Some legacy platforms have built their entire system on the ability to share fraudsters’ data to prevent their next actions. This is true whether you want to protect yourself from payment gateway fraud or to avoid chargeback fraud. In short, if you have yet to choose an anti-fraud solution, you should seriously consider the following points:
How and why is the data collected: We’re really talking about data quality here. Is it relevant – and justifiably so? Will your company get in trouble for sharing information with the fraud vendor if it is deemed necessary?
Are the terms of service clear and transparent: Your company’s TOS needs to be updated. But what about those of the fraud vendors? Do they take into account right of access without sacrificing efficiency?
What is the retention period: In compliance with the “right to be forgotten”, the data cannot be kept indefinitely. Organizations must ensure information not directly related to fraud isn’t kept for longer than necessary.
How safe is the data: Just because fraud detection falls under the umbrella of cybersecurity does not mean the company employs the best practices. Can they guarantee breach prevention as well?
How SocialScore Complies With the GDPR
At SocialScore, we have been fully aware of the GDPR and other regulations such as PSD2 since their inception. This has allowed us to plan accordingly, and to ensure our entire solution was designed around compliance with this new regulation. Listed below are some of the FAQs we have answered for clients. Feel free to contact us for any additional information.
Must SocialScore comply with the GDPR? Absolutely. Our infrastructure, including servers and databases, is based in the EU (Dublin, Ireland), which we can confirm via a certificate.
Can SocialScore legally process data? Yes. We are registered as a data processor at the Bulgarian National Authority for Data Protection, and you’ll find that detecting fraud is a legal basis for processing data according to the GDPR.
We do not store user data: any business can use our solution without saving user data on our servers. Once the result is provided, we delete all the personal data. For our statistical models, we use anonymized data only, so even if a leak occurred, it would expose only statistical information tied to nobody. Each check is an individual snapshot of the profile at that moment.
Can I share user data with SocialScore? We recommend that your TOS inform your clients about data processing for fraud management services. We are happy to help you draft this document as needed.
What is the data retention policy? We make it very clear that our client data can be stored for up to 5 years, and can be easily purged upon request using our Erase API.
How safe is the data I share with SocialScore? At SocialScore, we are proud to have an appointed Data Security Officer. The role oversees security and ensures only our Head of Engineering has access to the production database (through dedicated, whitelisted VPN and encrypted keys).
What happens if there is a breach? In the unlikely event that data is hacked, SocialScore’s standard agreement includes taking responsibility for data privacy, so you can use the platform with complete peace of mind.
GDPR Compliance in Fraud Detection: While the GDPR would indeed seem to increase users’ online privacy, it inevitably raises a number of questions. Will it actually have a positive effect? Will it lengthen manual reviews? Will it make things harder for companies – especially small ones who may fall foul of EU regulators? And who will take the blame if data is breached between different data-sharing services?
Whatever the future holds, there is no doubt the GDPR will profoundly reshape the Internet and risk assessment as we know it. Companies in all verticals will need to rethink the way they operate on a daily basis, particularly advertisers, publishers and fraud vendors. Hopefully, your solution has already taken every step to ensure compliance and will train fraud managers accordingly – if not, we can only recommend you stay as educated about the GDPR as possible as it comes into effect.