Varazdin Startup Identyum First in Croatia to Get ISO 27701 Certificate

Lauren Simmonds

Updated on:

As Poslovni Dnevnik writes, the Varazdin startup Identyum Consortium, the creator of the Identyum digital ID wallet, is the first in all of Croatia to be accredited with the prestigious ISO 27701 certificate, also known as the “GDPR certificate for companies”.

It confirms that the Varazdin startup Identyum manages the security of personal data of its users in accordance with best information security practices and is fully compliant with the provisions of the GDPR, ie the General Regulation on Personal Data Protection.

“For Identyum, this certificate is of particular importance because it proves that the protection of personal data of users is an absolute priority, which raises the level of trust of end users that their data will be protected,” they said from the startup, which is celebrating three years of business this November.

This latest accreditation is a supplement to the ISO 27001 certificate, which the Varazdin startup Identyum met the criteria for back in August this year. It is designed for companies that manage and process users’ personal data, and requires them to address specific risks, including those related to personal data and privacy. ”This achievement confirms the seriousness with which we treat information security within our company. Our internal processes are strictly adjusted to the highest international security standards,” said Identyum’s director Robert Ilijas.

According to the ISO Survey for the year 2020, 321 companies in Croatia were certified to the ISO 27001 standard last year, but so far only Identyum has been certified to the ISO 27701 standard.

Their 21st century digital ID card allows people to sign digital documents using their mobile devices and store personal information. In doing so, Identyum’s system is designed so that it cannot access the personal data of users stored in their ID wallets. The specified data is always under the exclusive control of end users because during each storage they are encrypted with the user’s PIN, making them inaccessible to anyone, until the user explicitly allows access to that personal data, meaning that they must first give consent and enter the PIN, allowing the decryption of their data for exactly the recipient to whom they allowed access.

Last year, the Varazdin startuo Identyum was also the first in all of Croatia and the region to receive a license from the Croatian National Bank (CNB) to provide account information services. They have thus successfully completed the process of “passporting” their AISP license and enrolling in the EBA Electronic Register. A company licensed as an AISP, after obtaining explicit consent from the end user, may link to their bank account and use their bank details to provide other financial services.

After fulfilling all of the stringent the conditions, Identyum was able to provide information services in 30 European countries: Austria, Belgium, Bulgaria, Cyprus, the Czech Republic, Germany, Denmark, Estonia, Spain, Finland, France, Greece, Ireland, Iceland, Italy, Liechtenstein, Latvia, Lithuania , Luxembourg, Hungary, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Sweden, Slovenia, Slovakia and of course Croatia.

They also announced that they will present even more good news in the next few months, and the goal, as they conclude, is to contribute to the ongoing digital transformation of Croatia.

For more, make sure to check out Made in Croatia.

Leave a Comment