Compliance Readiness (B2C)

Privacy and Compliance Requirements

There are several requirements related to privacy and compliance. While UPBOND Login 3.0 cannot provide legal guidance on your privacy or other regulatory obligations, the curated list below covers privacy requirements for which Login 3.0 offers features that may help you meet your obligations. All configurations and processes related to privacy and compliance must be coordinated with the UPBOND team.

If you collect or process personal data about users, you should have published a privacy policy and have established procedures to ensure your operations abide by the contents of the policy. The UPBOND team can assist with displaying a link to your privacy policy and storing user consent as part of the Login 3.0 implementation.

Provide Access to View, Correct, and Erase Data

Privacy legislation often requires that users have the right to view and correct any data held about them. If you are a data controller, you should provide a mechanism for this. The UPBOND team can help you build a self-service feature to access and correct data via available tools.

Provide Access to Data Portability

If you are a data controller, you may be obligated to provide users a means to export their data from your system in a transportable format. UPBOND supports user data portability mechanisms to help you satisfy this obligation via both manual export capabilities and available APIs for implementing self-service features.

Take Steps to Minimize Personal Data

You should have reviewed the personal data you collect about users to ensure it is legitimately required for the purposes of the processing covered in the privacy policy and consent. The UPBOND team can assist in reviewing data collection and implementing encryption for additional protection where necessary.

Automate Data Retention Policy Enforcement

You should have a published data retention policy and automate its enforcement. UPBOND provides tools to facilitate the erasure of user accounts and data as part of compliance with retention policies.

Protect Personal Data

Regardless of whether you are a data controller or a data processor, you have obligations to protect the personal data you hold about users. This includes using encryption where possible and implementing reasonable security measures to protect user accounts. UPBOND can enable features such as Brute Force Detection, Multi-Factor Authentication (for both users and administrators), and strong password policies. The UPBOND team will assist in configuring these features and establishing processes to respond to potential threats.

Supplier Evaluation

Another common compliance obligation is to perform a due diligence review of the security of any third-party suppliers to which you expose personal data. For UPBOND Login 3.0, the UPBOND team can provide information about security certifications and facilitate compliance reviews.

Additional Resources

Additional resources that may be useful for your compliance requirements include:

  • UPBOND Privacy Policy

  • UPBOND Security and Compliance

  • UPBOND Compliance and Certifications

  • UPBOND General Data Protection Regulation Compliance
