The General Data Protection Regulation (GDPR) is a legal framework that sets out principles for data management and the rights of individuals covered by that framework across Europe. If you have customers anywhere in the EU, you are obligated to comply with the GDPR payment regulations, no matter where your business is based.
The GDPR applies to personal data, meaning any information relating to an identified or identifiable person. It sets out guidelines for the collection and processing of individuals’ personal information where processing is conducted by EU-based data controllers or processors, or by companies that process EU data subjects' information in order to offer them services or to monitor their behavior within the EU.
It’s all about protecting individuals’ privacy, allowing them to exercise ownership of their personal data and make decisions about how their personal data is used by those who collected it. Organizations processing your data must have a legal basis to do so. In addition, they must follow specific requirements, such as providing you with information about how they use, share and secure your data, while making sure those activities take place in a fair manner and for the purposes your information was collected.
There are four core areas that will see the biggest changes:
Speaking of the rights of the individual, this is where it gets really interesting - there are eight areas where these have specifically been bolstered from the original EU Data Protection Directive (the legislation being replaced). As individuals, you, me and everybody else in the EU will by law be given certain rights with respect to our personal data. Here are a few examples:
Payments data, such as your credit or debit card details, your contact details and what you bought, is personal data. Checkout.com provides payments processing and merchant acquiring services to e-commerce merchants. This means that processing personal data is at the core of our operations. To us, privacy is above all else.
At Checkout.com we enhanced our privacy program to follow the new GDPR framework. These are some of the key measures we have taken:
We’re entirely committed to ensuring that our personal data processing activities are compliant, with specific attention given to data processing across the EU.
Privacy by Design is an approach to operationalizing privacy within systems, products and business processes. At its core, Privacy by Design means promoting user privacy in every stage of product and program development.
One of the key elements of the GDPR is Privacy by Design. We wanted to share details about how we prepared to implement this element in our operation, as a sample of our approach to the GDPR.
At Checkout.com we don’t take this lightly. Privacy by Design is a key pillar of our ongoing GDPR and data protection compliance, as it affects how we improve existing systems and procedures and how we create new ones.
We implemented our Privacy by Design program while following these GDPR principles:
Arguably one of the most important aspects of the GDPR is the accountability approach and what this means moving forward. In a nutshell, this principle highlights that a data controller must be able to demonstrate that all processing is compliant with the data protection policies.
We maintain documents that outline the technical and organizational measures put in place to adhere to the GDPR.
Transparency and collaboration are the cornerstones of our business. From our product to engineering and sales teams, we’ve worked together to ensure that the changes the GDPR will bring are being reflected in daily activities and are communicated effectively, not just externally but also internally within our business.
25 May signifies a new beginning. The GDPR is not a one-off piece of legislation. Instead, it is about continuous improvement and respecting the privacy rights of individuals across all business sectors. At the end of the day, the GDPR is vital given the digital era we live in and the importance of privacy and our rights when it comes to our data.
As promised, below is an infographic with seven essential GDPR facts:
If you would like more information about the steps that Checkout.com has taken to prepare for the GDPR, then get in touch with your account manager or another member of the team today.