GBG Data Retention Policy
Background
GBG has been reassessing its approach to the retention of customer identity verification records. Historically, GBG customers have controlled their verification records, setting anonymisation periods based on their needs.
However, in light of recent major data breaches and evolving privacy legislation, we have reviewed our position on customer data retention.
What’s changing?
To align greenID’s data retention policy with industry best practices and Privacy Act guidelines, we will be removing Personally Identifiable Information (PII) when it is no longer required.
New standard retention period:
PII within greenID will be retained for 365 days (12 months).
After this period, all PII will be deidentified.
Deidentified transaction outcomes will remain accessible via the greenID Administration panel using the identity verification number.
What this means for greenID customers?
GBG will be reaching out to existing greenID customers who do not currently have a data retention period set for their greenID account.
Key updates:
A 365-day (12-month) data retention period will be applied to your greenID account to safeguard PII data.
All PII—including names, dates of birth, and addresses—that is older than 365 days will be deidentified in your greenID account.
Any new transactions made after the data retention period is applied will be automatically deidentified after 365 days.
Customers must ensure that the greenID transaction number is stored in their systems for future searches of deidentified transactions.
What actions do you need to take?
All customers should store the greenID identity verification number within their system to facilitate searches for anonymised transactions.
