GDPR and data protection laws:

Personal data privacy is protected by law, The General Data Protection Regulation (GDPR), whilst applying to European (and UK) citizens is similar to laws in most countries, and applies to storage, disclosure, responsible transmission, and accountability for customer data. This includes photographs and their transmission. Failure to comply with these laws can result in penalties for your business

+ What is the GDPR?

The GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union. it applies to any organisation within or outside of the European Union. The personal data, including biometric data of EU citizens is protected by this law.

+ How does the GDPR affect my company?

'Personal data' could be anything from a name, a photo, an email address, and so on. Data processing could be anything from obtaining, recording or holding the data or carrying out any actions with it. Companies that do not comply with GDPR could face sanctions of up to 4 percent of their global turnover or up to EUR 20 million....these rules apply regardless of where the operations are based, including New Zealand and Australia.

+ Is a Passport/Visa considered personal information?

By photographing and processing a passport/Visa of an EU citizen, your operation is subject to the GDPR rules in so far as the images are personal data, as are email addresses and other customer details. Whilst ID passport Express uses Biometric data to process the image it does not store this data, (which would give unambiguous identification of the subject) and as such avoids Article-4(14) of the GDPR. The collection and storing the image and other data has to be protected from unauthorized access, as such, sending emails with these details is not recommended - a third party could access their mailbox, (or yours), or they could be sent to the wrong email address. (it may also require personal data outsourcing agreements with each or the email providers). By Collecting the data you are responsible for it's security.

+ What do you need to do to comply?

  • The GDPR checker included in ID Passport Express v8.3.0.37 onwards lists the possible areas where you may be exposed to risk. Use this to set he number of days that the customer data is stored before being automatically deleted, and to restrict access and anonymize statistical data etc. Keeping the software up to date is essential to ensure that you are compliant with the latest rules.

  • A consent must be obtained from a customer only when you want to use their data for the purposes other than the performance of the agreement. For example, consents are necessary to use photographs in a portfolio or a publication. Communication via e-mail requires their consent with the exception of when it is necessary to perform the agreement — in such cases, the e-mail address may be used for this purpose only. As the sender, you are responsible for breaches in the GDPR if the email is mis-used, because of this you may want to consider Secure Cloud Storage.

  • Use the Secure Cloud Storage service within ID Passport Express which has been designed to ensure secure and GDPR-compliant delivery of digital biometric photographs to individuals. Secured Cloud Storage provides secured, coded transfer of photographs to a server localized in the European Union. Customers have access to their photographs thanks to special Code valid for a certain number of days, and they decide to remove the photographs from the server themselves.

  • Decide how many days you wish to keep the customer's information, and set the system to automatically delete it after that period. A period of 3 days is a safe option. Keep in mind that you are responsible for the data you have collected and must provide safe and secure protection of this data.

  • it is recommended to create a personal data processing policy which describes the rules of processing personal data in your company. This policy should include document templates (such as: obtained consents, information sent to persons whose data was processed, authorizations) and principles of acting in case of requests or questions raised by customers.

The GDPR assistant included with ID Passport Express notifies you of any potential breaches in security and helps limit your exposure to risk.

mbiopass (1).png

Biometric passport photos are suitable for use in Electronic passports, commonly used at E-Gates at Airports. The standards for these Passports are set by the ICAO, and Photographs submitted for e-passports need to fit the ICAO criteria. ID Passport Express is built using these standards and tests each photograph against them so you can feel confident that your passport photograph will be accepted.

download (7).png

An e-Passport contains an electronic chip. The chip holds the same information that is printed on the passport's data page: the holder's name, date of birth, and other biographic information. An e-Passport also contains a biometric identifier. New Zeland and Australia requires that the chip contain a digital photograph of the holder.

download (6).png

Biometric of face recognition technology has recently become important in the professional traveller identification community. The United Nations has a specialized agency "The International Civil Aviation Organization" or ICAO. They have set a dealine of 24 November 2015 for countries to have "Machine Readable" Passports for border controls and inspection formalities. (see the Chicago convention)

mdia (1).png

The standards set by the International Civil Aviation Organization (ICAO) to be included in machine-readable travel documents such as passports. These standards are loaded into the ID Passport Express and each photo is checked against them. ID Passport Express enables you to produce a Compliance Certificate which signifies that your ID Photo meets the strict ICAO benchmarks.


download (5).png

RealMe® is a New Zealand Goverment initiative which lets you easily and securely prove your identity online, and access numerous government online services with a single username and password. RealMe® requires submission of a biometric passport that meets the DIA requirements.

download (4).png

The New Zealand Department of Internal Affairs (Te Tari Taiwhenua), is the government department responsible for compliance and issuing of NZ Passports. Online passport renewals can be submitted electronically directly via the pasports.govt.nz website. Passport photos can be tested with the DIA online Passport checker.

download (3).png

The Australian Governmen's Department of Foreign Affairs and Trade (also called DFAT) manages the government’s foreign relations, trade policies, and the authorisation of Australian Passport applications.

micao (1).png

The International Civil Aviation Organization (ICAO) is a UN specialized agency, created in 1944 upon the signing of the Convention on International Civil Aviation. It develops policies and Standards, undertakes compliance audits and fosters the planning and development of international air transport to ensure safe and orderly growth. The standards set by them for electronic passports are used globally, and are codified into IID Passport Express