Compliance Guide

How to use Openprofile responsibly and in compliance with data protection regulations.

Understanding the Legal Framework

Public Data vs. Personal Data

Openprofile exclusively processes publicly available information. However, even public data may constitute "personal data" under regulations like GDPR if it relates to an identifiable individual. This means:

• You need a lawful basis to process this data
• Data subjects have rights regarding their information
• Appropriate safeguards must be in place

Your Role vs. Openprofile's Role

GDPR Compliance

Lawful Basis for Processing

Under GDPR, you must have a lawful basis to process personal data. Common bases for Openprofile use cases include:

Legitimate Interests (Article 6(1)(f))

Most commonly applicable for:

• Fraud prevention: Detecting and preventing fraudulent activity
• Due diligence: Assessing business relationships and risks
• Security: Protecting your organization from threats

Important: You must conduct a Legitimate Interests Assessment (LIA) and document your balancing test against individual rights.

Contract Performance (Article 6(1)(b))

May apply when:

• Background checks are part of employment contracts
• Identity verification is required for service delivery
• Due diligence is contractually mandated

Legal Obligation (Article 6(1)(c))

Applicable for:

• KYC/AML requirements in financial services
• Regulatory background check mandates
• Anti-money laundering compliance

Data Subject Rights

Individuals have rights regarding their data. Here's how to handle common requests:

CCPA Compliance

California Consumer Rights

For California residents, additional rights apply:

• Right to Know: What personal information is collected and how it's used
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Prevent sale of personal information
• Right to Non-Discrimination: Equal service regardless of privacy choices

Industry-Specific Considerations

Financial Services (KYC/AML)

If you're using Openprofile for KYC or AML purposes:

• Document your risk-based approach
• Maintain records of identity verification steps
• Use our audit logs for compliance documentation
• Combine with official identity verification where required

Human Resources

When screening candidates or employees:

• Obtain consent where required by local law
• Provide adverse action notices if decisions are made based on findings
• Ensure consistency in screening processes
• Don't use for FCRA-regulated decisions (US credit, housing, insurance)

Investigations

For fraud or security investigations:

• Document the legitimate interest justification
• Maintain proportionality in scope of investigation
• Secure findings appropriately
• Limit access to need-to-know personnel

Best Practices

Documentation

Maintain records of:

• Your lawful basis for each use case
• Legitimate interests assessments
• Data subject requests and responses
• Data retention decisions

Data Minimization

• Only search for information you genuinely need
• Use our retention controls to auto-delete results
• Don't store data longer than necessary
• Limit who can access search results

Transparency

• Include Openprofile usage in your privacy notices where appropriate
• Be prepared to explain your screening processes
• Respond promptly to data subject inquiries

Openprofile Compliance Features

We provide several features to support your compliance:

• Audit Logs: Complete record of all searches and exports
• Auto-Deletion: Configurable retention periods
• Access Controls: Role-based permissions
• Export Tools: Respond to data subject requests
• DPA: Standard data processing agreement
• EU Hosting: Data residency in European Union

Need Help?