Passbase identifies the best route to privacy compliance

• Passbase develops software development toolkits to help verify users’ identities
• Verifying official identity documents demands absolute trust in security and privacy
• The Privacy Compliance Hub means Passbase’s products have compliance built in

What does Passbase do?

Passbase set out to create a new digital identity system which businesses can integrate for user verification. We’ve all seen the big online security breaches making global headlines in the last few years. It’s a concern for users and the companies who request their data. Passbase’s pioneering decentralised architecture puts control of private identifying data back in the users’ hands. At the same time, it protects businesses with personal data compliance issues.

The challenge

It all comes down to trust. More and more sensitive private data is being requested online, from date of birth and social security number to biometric data and facial likeness. Businesses need to trust who they’re onboarding, while users need to trust that their information is safe. Passbase’s identity proofing system was conceived after the announcement of GDPR. So, the firm’s founders knew that the sensible approach – the only approach – to building their software development toolkit was to build GDPR compliance in from the very first line of code.

“We were focusing on the US and Europe,” said Dave McGibbon, Passbase’s founder. “Early on, we knew that we needed to invest in compliance and architect the product around the need. The good thing about GDPR is that it actually gives companies the incentive to take only the data they really need. With our system, we’re operating as the data bank, so you – the client in need of identity verification – don’t need to worry about data compliance.”

Passbase’s team had done their initial research – being embedded in the Google community was helpful for lessons learnt – and were heading for prototyping their product at the end of 2018, with a view to going to market in the next six months. Guaranteeing compliance was mission-critical.

“It was clear that legal consultation would soon become very expensive if we weren’t self-sufficient. We looked for a more cost-effective and strategic approach, and the Hub was the only platform we considered seriously.”

Dave McGibbon
Co-Founder of Passbase

Choosing the Privacy Compliance Hub

“It was clear that legal consultation would soon become very expensive if we weren’t self-sufficient,” said Dave. “We looked for a more cost-effective and strategic approach, and the Hub was the only platform we considered seriously.”

The first face-to-face meeting with PCH founder Karima Noren took place in November 2018. Soon after, Passbase began an accelerated two-month programme to ensure that their learning could be incorporated into their software. With the product in beta, with a handful of carefully chosen clients, it was the ideal way to work through the Hub’s guidance.

“There was a heavy emphasis that the framework should ‘delight the legislator’ rather than just tackle needs-based requirements,” Dave explained. “That suited exactly what we were looking for and helped us form strategies as well as maintaining a base-line compliance.”

“There was a heavy emphasis that the framework should ‘delight the legislator’ rather than just tackle needs-based requirements. That suited exactly what we were looking for and helped us form strategies as well as maintaining a base-line compliance.”

Dave McGibbon
Co-Founder of Passbase

The result

There’s no doubt that without the Hub, we’d have spent more on counsel and ended up taking piecemeal advice,” said Dave. “And those costs could have been ongoing, whereas the Hub helped us structure the programme. We now have a robust internal system and process we can rely on. We can be transparent with our users and customers.”

Confident and compliant, the company is on track for a public launch in early autumn. “We’re sure that the system is ready to handle a large increase in transactional data. As we scale as an organisation there may be some lull in how we use the Hub – since its guidance has been built into all our existing processes – but there will be ongoing training and we can monitor regulatory updates. We also see the potential for ever-greater compliance, including ISO and security certifications, for instance.”