TTP Method

1. Purpose

MYOBI facilitates Users of the Trust Network to exercise control over their data. The need to be able to exercise control can be indicated from the perspective of data protection as follows:

  • Persons control and direct their data;
  • Companies want to take control of Company and Personal Data; thus
  • Companies make agreements with Persons about directing Personal Data.

With the help of a Trusted Third Party (TTP), MYOBI can organise data control effectively and cost-efficiently. MYOBI, in the role of TTP, gives Persons and Companies electronic identities by issuing electronic signatures. The TTP policy is the condition for Users to receive an electronic signature. The collection of Users who have accepted the TTP policy is called the Trust Network. The TTP policy consists of the following documents:

  1. TTP Agreement;
  2. TTP General Terms and Conditions;
  3. Personal and Business Data Agreement;
  4. Service Level Agreement;
  5. Accountability Seal Policy;
  6. TTP Code of Conduct GDPR; and
  7. Rules of Mediation.

It is essential that all Users, under the TTP policy, participate in the Trust Network and fulfil the TTP policy obligations. If a User builds their own Information ecosystem with other Users, the User may assume that his Partners share reliable and up-to-date Personal and Business data with him. Such an Information ecosystem offers the User a lot of added value in the daily practice. The Users of the Trust Network are also members of the Association of Participants in an Information Ecosystem (VIE).

The purpose of this information is to explain to the (potential) User of the Trust Network, in an understandable and accessible way:

  • MYOBI’s services: what can you do with the services and what is the added value; and
  • explanation of the TTP policy: the content of the documents and meaning.

After reading the information, a (potential) User can build up a good picture of the expectations:

  • that a User may have of MYOBI and other Trust Network Users; and
  • the expectations that MYOBI and other Users of a User may have.

We also pay attention to the Association of Participants in an Information Ecosystem. The Association Unites Users of Information Ecosystems. The ultimate goal is for Users, of Information Ecosystems, to be able to control their data, as referred in the GDPR.

Although inescapable, efforts have been made to use as little legal language and technical terminology as possible. If there is a contradiction between this TTP method and the TTP policy, in particular the TTP  Agreement and the TTP Terms and Conditions, the provisions of the TTP policy, TTP Agreement and TTP Terms and Conditions prevail.

In this explanation of the TTP method, sometimes concepts are written with a capital letter. The reader may examine the meaning of the concept in Article 2 of the TTP Terms and Conditions, where the definitions of the concepts are included. Where ‘he’, ‘him’ or ‘his’ is, ‘she’ or ‘her’ can also be read.

2. Why participate?

Participating in the Trust Network and using Information Ecosystems means that Users control over their Personal and Company data. This gives them a grip on the data that they share. No longer do others decide what happens to their data and who gets to see and use it. The User will now decide for himself. Persons getting a grip on their data will have their freedom and sometimes their life back. For Companies, this means that the reliability of their Company data increases and thus allows them to organise more effective information management. They have substantially less operational and administrative burdens. The operating costs drop.

3. What is it?

MYOBI offers an environment in which Persons and Companies can manage and access their Personal and Company data. The pre-condition is that the User is at the helm. He exerts control over and directs his data. He determines who is allowed to take note of his data. He decides who may continue to use this data. It also corrects data if necessary, if it is incorrect or incomplete.  For Companies, we call it an Information ecosystem, and for Persons, it is called a Personal Environment, PDS.

The other way around is also correct. Partners who share data with a User exercise control and ensure that their data is accurate or complete. Business-based use of Information Ecosystems on the Trust Network gives Companies more certainty about the reliability of Company and Personal data.

MYOBI helps Companies with a range of Trust Services. If a company wishes to use an Information Ecosystem, MYOBI determines the identity of the Company’s Representative. Based on data from an authentic source, e.g. the Dutch Chambers of Commerce, MYOBI finds that the Representative is part of the company and records this data in the Trust Network. If the Representative also accepts the TTP policy on behalf of the Company, MYOBI creates an Information Ecosystem for the Company. The Representative is authorised to add Persons, mostly employees, to the Company’s Information Ecosystem. In these processes, MYOBI provides Persons with an electronic signature. We also call this the notary role of MYOBI.

The TTP policy offers the Users of the Trust Network security and comfort. The Personal and Company data Agreement aims at exercising control over data by the Users. Using the TTP Code of Conduct GDPR, including the matching Baseline, Companies know where they stand in taking proper measures. The legal requirements for processing Personal Data and meeting the accountability are in a row, and MYOBI helps Companies meet their obligations.  With the help of the Rules of Mediation, Users can resolve disputes quickly and cost-effectively.

On the Trust Network, professional companies enable Professional Services. These include Legal Entity Management (LEM)Smart contracting and Smart compliance. With the help of these services, Companies can organise their business processes better, faster and cheaper.

For companies, it is not difficult to put together a business case for the application of the Trust Network and Professional Services. An essential part of the business case is the moment when enjoying the benefits. MYOBI commits itself after delivering the Services. To fulfill this promise, MYOBI offers training opportunities and on-demand professionals are available who can be used for specific issues.

4. Three-tier model

The services of MYOBI Trust Network are made up of a number of layers or blocks:

  • MYOBI Technique;
  • MYOBI Operational; and
  • Professional Services.

These layers or blocks are related to each other and embroidery on each other. One is the basis for the following. For example, the IT infrastructure and IT services are the basis for the Trust Infrastructure by which MYOBI provides the Trust Services. The Trust Services, in turn, form the basis for the use or application of Professional Services. The Professional Services consist of Legal Entity ManagementSmart contracting, and Smart compliance. Persons and Companies use the Services.

MYOBI Trust Network uses the TTP policy. All Users of the Trust Network accept the TTP policy and are, therefore members of the Association of Participants in an Information Ecosystem. Membership of the Association influences the TTP Code of Conduct GDPR. MYOBI submits the Code of Conduct to the Supervisor Body, The Dutch Data Protection Authority (AP), for approval.

The figure below shows the correlation between these layers and an overview of the TTP policy.

MYOBI Trust Services
MYOBI Trust Services

The TTP policy consists of agreements and means, in particular, to meet the legal obligations.

4.1 MYOBI Technique

In this layer or block, MYOBI manages the technical infrastructure. We could say that this is MYOBI’s factory. Here lies the intellectual ownership. By technology, we mean the IT infrastructure and Services; the semantics of data elements and models. MYOBI built up IT infrastructure with Microsoft Azure services.

4.2 MYOBI Operational

In this layer, MYOBI’s contact with the outside world, the Users, is created. The layer of MYOBI Technique is mainly behind the scenes; the layer of MYOBI Operational is the window outwards. MYOBI Operational uses the technical infrastructure of MYOBI Technology to deliver the Trust Infrastructure and Trust Services.

The Trust Infrastructure and Trust Services make use of Microsoft’s Azure platform. MYOBI unlocks its Trust Infrastructure and Trust Services to Users. Users log in to this Azure platform. Microsoft Azure is also the platform on which users’ personal environment, PDS, is provisioned and used, and from which the services desk & sales work.

The Trust Network uses data dictionaries (semantics) to maintain the Information ecosystem, contract portfolios for directing and processing agreements, the baseline of the TTP Code of Conduct AVG for organizing the compliance with legal and contractual obligations, and a fast and cost-effective method of dispute resolution, the Mediation Regulations. The Trust Network is for Users who want to keep a grip on their data, take their partners seriously, and justify themselves to government surveillance in a fast and cost-effective manner.

4.3 Professional Services

The Professional Services use the Trust Network. Professional organisations deliver:

  • Legal Entity Management: using authentic registers such as the Dutch Chambers of Commerce and Partners on the Trust Network to manage the formal and functional structure of the Company and also, understanding these structures of Partners;
  • Smart contracting: organising the company legal operations effectively and cost-efficient; and
  • Smart compliance: organising the company compliance operations effectively and cost-efficient.

The Professional Services are consistent with the business activities of a Company. For example, the business processes sales, human resource management, and procurement use a company-specific contract portfolio, conclude agreements with Partners (customers, employees, and suppliers), and managing the rights and obligations of agreements, with applying smart contracting effectively.

4.4 TTP Policy

The TTP policy provides Users of the Trust Network with certainty and predictability. Wij classified the TTP policy in “agreements” and “means”. Making agreements is about directing data and mains is about organising accountability of compliance with legal and contractual obligations. We can summarise the TTP policy by the one liner “say what you do and do what you say”.

As the Services become more user-increased, the demand for additional services grows. MYOBI likes to work with functionalities that help all Users exercise control over their data more effectively and cost-effectively.

5. Association of Participants in an Information Ecosystem

Users of MYOBI Trust Network, and in particular the Users of the Information Ecosystem, are also members of the Association. The members of the Association consider it essential that their data, which they make available to other Users under their control and direction, be used by the obligations of the European General Data Protection Regulation (GDPR).

The TTP Code of Conduct GDPR (Code of Conduct) is an interpretation of the obligations of the GDPR. It offers a framework that allows Participants in an Information ecosystem to fulfil their accountability obligation. The members of the Association influence the Code of Conduct. The Code of Conduct is “by default” included in the Accountability Seal Policy. With this, MYOBI offers the Participants of an Information ecosystem a uniform and predictable manner to comply with their accountability obligation.

See Accountability Seal Policy and TTP Code of Conduct GDPR for further elaboration.

6. What do I get?

We present the ‘products and services’ without being complete.

First, Users get a personal environment or Personal Data Store (PDS), from which they control their own Personal and Company data. The PDS holds the electronic signature.

Secondly, they are given the opportunity to participate in an Information Ecosystem, in which the Personal and Company data are subject to continuous verification.

Thirdly, Users get Smart contracts for consent and processing agreements as well as document types for settling disputes with other Users. The User can purchase a license Smart contracting, prepare a Company-specific contract portfolio and optimize the Company’s legal operations. This will result in substantial cost savings.

Fourth, Companies organise their accountability obligations, for the protection of personal data and information security, based on the TTP Code of Conduct GDPR and the Companies have insight into the accountability of compliance with the obligations of the TTP Code of Conduct GDPR, with their Partners. MYOBI provides Companies with an Accountability Seal, by which they demonstrate to the outside world the extent to which they demonstrably comply with the TTP policy and in particular the TTP Code of Conduct GDPR. This certainty about the reliability of Business and Personal Data between Partners makes it easier and more effective to do business.

Fifth, the TTP Code of Conduct GDPR “by default” is included in the Accountability Seal Policy. MYOBI uses Smart Compliance to optimise the application of the compliance approach. Users can use Smart compliance themselves to organise integral compliance with legal and contractual obligations. Compliance efforts remain manageable, and liability and cost risks are limited.

Sixth, Users of the Trust Network organise any issues effectively and cost-effectively with the help of Mediation.

Seventhly, MYOBI gives Companies access to their training environment with which Companies train their employees. MYOBI provides this environment with training courses, so does Duthler Academy and it is possible that the Company itself also offers training in its environment and those of others.

7. What does MYOBI expect from you and what can you expect from MYOBI?

Using the MYOBI Trust Network and participating in an Information Ecosystem is not without obligation. Neither for MYOBI nor Users. MYOBI expects Users to verify continuously and, if necessary, correct their Personal and Company data. MYOBI expects Users to take appropriate security measures to prevent unauthorised or unlawful use or even misuse of their PDS and other MYOBI services. MYOBI expects Companies to ensure the proper allocation of roles and powers to employees. MYOBI expects Companies to be accountable for compliance with the TTP policy, in particular, the TTP Code of Conduct GDPR.

Users may expect MYOBI to honour and execute requests for personal and business data correction; that it uses a reliable platform and IT services; whereas it takes appropriate technical and organisational measures to secure the platform and IT services; that it uses reliable systems for the storage and transport of personal and business data provided and that it takes appropriate technical and organisational measures against falsification and theft of Personal and Company data.

8. How it works?

8.1 Onboarden

Becoming a user of MYOBI starts with onboarding. Without onboarding, it is not possible to use the MYOBI services. Onboarding is the process of making the necessary preparations, including identifying and authenticating Users and checking Company data including the powers of authority.

This is done as follows.

8.2 Identification and authentication Persons

A Person’s identification and authentication is based on their email address and mobile phone number. A Person himself provides the email address or a Trust Network User or a service desk representative provides a Person’s email address. The service desk checks whether the email address and mobile phone number are unique, each by itself and in combination.

There are different levels of certainty about the reliability of a Person’s identity. A limited trust can User increase by obtaining services from ‘identity providers’. We can think of transferring a €0.01 into MYOBI’s bank account, using IRMA, or other methods.

8.3 Create Personal Data Store (PDS)

After successfully authenticating the Person’s identity, MYOBI creates a Personal environment or Personal Data Store (PDS). MYOBI will not do so until the Person has agreed to the TTP policy. The Person can consult the underlying (and signed) documents. MYOBI Uses smart contracting for this purpose. The PDS allows the Person to use an electronic signature.

8.4 Identification and authentication Companies

A Person can ask MYOBI to start an onboarding process for a Company. The Person shall provide the Company’s identity or Company data and the identity information of the legal representative to the MYOBI service desk. The service desk compares the Company data with the data of the Trust Network. If the Company Data is not included, the service desk will consult an authentic source (e.g., the register of the Dutch Chambers of Commerce). If the authenticated Personal data corresponds to the Personal data of the legal representative from the authentic source, MYOBI grants the Person the powers of the “Company Admin”. In doing so, the Company also operates under the TTP policy.

MYOBI will not charge the Company any license fees until:

  1. The Company, using Smart contracting, accepts more than three agreements; or
  2. The Company indicates that it is a full User.

Of course, the Company receives a signal from MYOBI before the limit of three contracts is reached.

8.5 Electronic signature

Electronic signatures use key pairs. PDS User generates the key pairs under his control and records them in the personalised PDS. MYOBI has no access to the private key in any way.

8.6 Personal Data Store (PDS)

A PDS now protects the electronic signature. Periodically, MYOBI checks the identity of the PDS user using the electronic signature and re-authenticating the identity.

MYOBI stores the data in a PDS for three years. If the User wishes to have the data for longer, he indicates that. As the service on the Trust Network grows, the PDS develops.

8.7 Request for Service (RfS)

An RfS may include:

  • Request for onboarding of a Person or a Company;
  • License Legal Entity Management;
  • License Smart contracting;
  • License Smart compliance;
  • Need Support;
  • Request for a copy from a commercial or authentic source, e.g. the register of the Dutch Chamber of Commerce; and
  • Request for an invoice.

The purchases and payments of services using RfS is covered by the TTP policy. In a User’s account, MYOBI records the license fees, used units, and professional support of Duthler Associates and First Lawyers. The User ensures that sufficient resources are available in the MYOBI overdraft.

8.8 Professional support

A User needs professional or legal support at times. For example, when managing Legal Entity Management, applying Smart contracting or Smart compliance or legal support in dealing with legal issues.

The User can simply request the desired support from a legal or compliance coordinator. Based on the question, the coordinator – in a smart contracting process – submits a quote, and after an authorized Person has signed the offer, the coordinator organises the support. It will be a short time to follow up with a support question.

Legal professionals of Duthler Associates or lawyers of First Lawyers provide support. Legal support may include providing legal advice, assisting contract negotiations or providing legal aid. The lawyers and legal professionals deliver all help on post-calculation.

8.9 MYOBI Service desk

The service desk serves the Users and The Users’ Partners. The service may consist of:

  • Onboarding of Persons and Companies;
  • Carrying out internal checks:
    1. Uniqueness of email addresses and phone numbers, individually and in combination;
    2. Uniqueness of Company data; and
    3. Compare Personal and Company data provided with authentic and public sources.
  • Keeping record and debtor management;
  • Coordinating the implementation of the Accountability Seal Policy;
  • Facilitating the Standardisation Board; and
  • Answering operational and practical questions and providing background information.

8.10 Compliance

The governance and management of the platform of MYOBI, the Trust Infrastructure, the Trust Network and the Services comply with the European General Data Protection Regulation (GDPR), the eIDAS Regulation, the European digital content and digital services line’ (2019/770), Implementation Act consumer rights directive and to the Distance Selling Act as well as the lower regulations based on it.

MYOBI is accountable annually for the legal, contractual and policy obligations, in particular the TTP policy and in particular the TTP Code of Conduct GDPR.

8.11 Technical aspect

Microsoft Azure is the foundation platform for the Trust Infrastructure, Trust Network, and Professional Services. In addition, software service components are used as crypto vaults, Active Directory and Databases.