Building Trust Through Customer Privacy and Data Protection

By Jonathan Brockmeier, OKX Chief Compliance Officer

Trust needs to be earned, every day and with every transaction. It’s the foundation upon which OKX is built. My mandate is to earn and maintain our customers’ trust by rigorously protecting personal data, championing privacy, and holding compliance as our highest priority. In this post, I’ll share the standards, safeguards, and innovations behind our commitment to data protection, and explain why security and integrity guide every decision we make.

Setting a New Standard for Privacy and Compliance

OKX is committed to upholding the highest standards of data protection across every market we serve. We carefully assess and apply the legal and regulatory requirements in each jurisdiction. For those in the European Economic Area, we adhere strictly to the General Data Protection Regulation (GDPR), ensuring transparency in data usage and respecting customers’ rights to access, correct, or erase their personal information.In the United States, we follow both federal and state privacy regulations. Regulatory requirements necessitate the collection of personal data for anti-money laundering (AML) and Know Your Customer (KYC) procedures, but OKX handles this information with utmost care - employing robust encryption, enforcing strict access controls, and restricting data handling to authorized compliance or service staff only.

Key Data Protection Practices

We adhere to the principle of data minimization, ensuring we only collect personal data that is strictly necessary for legitimate purposes, such as regulatory KYC/AML requirements, and the provision of our services. Our data protection standards extend to our third-party vendors as well: all vendors who may handle customer data undergo a rigorous security and privacy assessment to ensure they meet or exceed our own internal standards. Achieving SOC 2 Type 2 compliance reflects a rigorous, independent review of our security and data protection controls over an extended period of time. These milestones demonstrate the maturity and strength of our information security management system. We also enforce robust backup and recovery processes to ensure data integrity, even in the event of a system failure, enabling us to protect customer data and respond quickly to any threats or breaches. Our dedication to data security is further endorsed by internationally recognized certifications, including ISO/IEC 27001:2022 for information security management and CSA STAR Level 1 for cloud security. These independent audits confirm that our data governance and risk management consistently meet — and frequently surpass — global standards.

Continuous Improvement and Customer Empowerment

We view data protection as an ongoing commitment. Rather than waiting for issues to arise, we invest continually in our control environment, conduct frequent audits and penetration tests, and adapt our processes to keep pace with evolving privacy laws. We also make sure our customers are equipped with tools and knowledge to confidently manage their privacy settings.By constructing our approach this way, we create and maintain a safe and transparent environment for crypto trading. I believe that only when we protect your data, empower you as a customer, and take accountability for our actions, can we earn your trust every day.