GDPR Compliance in Europe is enough for users to trust with KYC info?

[niocexchange]

GDPR- General Data Protection Regulation
We are an Estonia based Crypto Exchange company. We are licensed under the Govt of Estonia.

NIOC EXCHANGE OÜ, LICENSE NO FVR000684, DATED 29.01.2019. LICENSE NO FRK000591, DATED 29.01.2019

We are also GDPR compliant organization. Under the GDPR guidelines, we cannot disclose or share any KYC related documents with any third party.

Here is the full link for more details on GDPR. https://gdpr.eu/what-is-gdpr/

Still, users in BITCOINTALK are not ready to trust our exchange. What can we as a start-up or any start-up do to make people trust us?

[bitmover]

Unless the user really need to make fiat transactions to your exchange,  there is no reason to do kyc (as anyone can make kyc free trades in binance)

So, there is only one good reason to trust my documents to someone.

Even though you are licensed now in Estonia, you can move to another country later which may be not regulated by gdpr compliance  (and our documents would be at risk).
Only time will make people trust your exchange

[Lucius]

Still, users in BITCOINTALK are not ready to trust our exchange. What can we as a start-up or any start-up do to make people trust us?

Why do you think that users trust can only be gained by the fact that you use GDPR? Customer trust is gained over time, with good services that include efficient customer support, favorable fees (more competitive than the competition), and best possible security practices that include storage of customer assets in cold wallets.

Protection of user data is not the most important thing, users are most afraid of hacking, or what happened to Quadriga exchange. Ask yourself why anyone would trust you more than some respectable crypto exchange which has been in business for years?

[LeGaulois]

@niocexchange

Most people don't understand correctly what is GDPR, including European citizens themselves and I believe the majority doesn't care. You can see yourself, for example, they never ask their favorite e-commerce, ISP or whatever, to view-modify-move-delete personal data, or how it is processed, etc... Maybe they think it's a matter to click on "I accept cookies" You know, the very annoying boxes that bother us. Besides this, I agree with @Lucius

Each time I think about GDPR, it may me think about the CLOUD Act, if I understood correctly both are inconsistent in my opinion. In your example when you say, as GDPR compliant you don't disclose KYC related documents with any 3rd party. Well, the cloud act doesn't need your agreement and you won't even know it. It's available for any company (related to cryptocurrency or not) claiming to be GDPR compliant.

We have one side with the USA and the CLOUD Act and the other side with Europe and its GDPR

[hugeblack]

Many countries impose restrictions due to anti-money laundering and terrorist financing laws, why not impose several levels of identity verification? For example, you can trade $ 1,000 without having to send your KYC.

The problem of many platforms is that they give identification documents to third parties, even the largest companies do this, so it is difficult to find sufficient confidence, especially in this forum.

It might be better to develop an open-source system for destroying personal files after verifying them (decentralized.)

[CryptoBry]

With or without GDPR, we the people and the prospect customers of your service will always be wary of sharing information and data since there is nothing that guarantee that information can't be shared, leaked or hacked. There had already been many precedents in the past, and I am sure that soon this law can be tested on how effective it is once something like what happened with Facebook can occur. We have to always remember that once data is gone from one party to another, there is no law that can actually rectify that even if cases can be filed and appropriate penalties or punishment can be imposed. Building trust can be taking a  lot of time and you can definitely get that trust by many means including getting into the minds of your possible users by effective branding and marketing which Binance is excelling at. Good luck on your platform.

[audaciousbeing]

GDPR- General Data Protection Regulation
We are an Estonia based Crypto Exchange company. We are licensed under the Govt of Estonia.

NIOC EXCHANGE OÜ, LICENSE NO FVR000684, DATED 29.01.2019. LICENSE NO FRK000591, DATED 29.01.2019

We are also GDPR compliant organization. Under the GDPR guidelines, we cannot disclose or share any KYC related documents with any third party.

Here is the full link for more details on GDPR. https://gdpr.eu/what-is-gdpr/

Still, users in BITCOINTALK are not ready to trust our exchange. What can we as a start-up or any start-up do to make people trust us?

Trust in the crypto community in a very expensive commodity and its not cheap. The big exchange today have also lost customers since the advent of the KYCs into the crypto community and don't think the issue is isolated to your platform alone, its general but the difference here is that yours is a start up compared to others that have existed in the market for a long while.

Now the issue you need to deal with is advertisement and find a way around relaxing the rule against people. Yes the laws are there but you can find a way around it. Even Poloniex is doing same by introducing levels for people depending on the amount of information they are willing to supply to the exchange site for them to trade. You can start something like that or start thinking in that direction.

[Harlot]

Still, users in BITCOINTALK are not ready to trust our exchange. What can we as a start-up or any start-up do to make people trust us?

Basically you will literally start from nothing and hope for your first customers who "trust" you will give a good feedback in your service and hope that they will spread the word about you. Other than that time is really the thing that will only tell if you are to be trusted, if you keep up with a good clean record with your service then you will be a reputable service for them. Scandals and bad service is what you want to try to avoid especially as early as this time since this will just break your name. The compliance you have is a good start but it is really not everything for a service to be trusted you really need to dedicate a lot of time and patience for you to start having customers.

[hello_good_sir]

It doesn't matter what regulation or compliance an exchange does. There is still significant risk for identity theft and leak of personal info.

Especially when you can't track down exactly where the leak or theft occurred, because of the fact that these kind of crimes are simply untraceable. And for smaller exchanges, your information could in fact be used against you to hold funds involuntarily or whatnot (as we have seen countless times, in exchanges such as HitBTC).

So yeah, there is a reason behind people not trusting this system.