Obviously, this will GREATLY limit the reach of Narrative, and I urge everyone, for your own privacy's sake, DO NOT GIVE THIS COMPANY ANY "KYC" IDENTIFICATION DOCUMENTS!
This isn't anything personal against the Narrative team, or the privately-owned company. Privacy disasters are happening on a global scale, and more and more leaks are happening to companies all around the world. Not to mention cyber-espionage from within the US, and all across the world.
This is a heads-up to the Narrative staff and their privately-owned company, that according to the GDPR, it is unlawful for any company or organization outside of the EU, or EUEA (economic area) to systematically collect the data of European Citizens without having a GDPR compliant regime in place.
There is a €10,000,000 & €20,000,000 fine for being non-compliant. In the case of Narrative, the systematic collection infers that Narrative and its staff *MUST* provide a Data Protection Officer if it wishes to be compliant:
DPOs must be appointed in the case of: (a) public authorities, (b) organizations that engage in large scale systematic monitoring, or (c) organizations that engage in large scale processing of sensitive personal data (Art. 37).
Until Narrative is in compliance it will be acting illegally to collect ANY information from the 28 EU countries. Narrative would be acting unlawfully by collecting any personally identifying information from European Citizens, whether through opt-in or opt-out schemes.
For Narrative, this means that as soon as it collects just *ONE* piece of sensitive data from any of the following 28 countries, it will be exposing itself to the GDPR regiment.