Resource center
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Topic
Region
Perspectives

GDPR and Payments: what this means for data protection

Link to the author's page
Maor Fishman
November 13, 2019
Link to the author's page
GDPR and Payments: what this means for data protection

What is the GDPR?

The General Data Protection Regulation (GDPR) is a legal framework that sets out principles for data management and the rights of individuals covered by that framework across Europe. If you have customers anywhere in the EU, you are obligated to comply with the GDPR payment regulations, no matter where your business is based. 

The GDPR applies to personal data, meaning any information relating to an identified or identifiable person. It is composed of guidelines for the collection and processing of individuals’ personal information, when processing is conducted by EU-based data controllers or processors, or companies processing EU data subjects' information, so as to offer them services or to monitor their behavior within the EU. 

It’s all about protecting individuals’ privacy, allowing them to exercise ownership of their personal data and make decisions about how their personal data is used by those who collected it. Organizations processing your data must have a legal basis to do so. In addition, they must follow specific requirements, such as providing you with information about how they use, share and secure your data, while making sure those activities take place in a fair manner and for the purposes your information was collected.

Key changes introduced by the GDPR

There are four core areas that will see the biggest changes:

  • Wider territorial scope.
  • Increased accountability requirements (which we will get onto later).
  • Fines for non-compliance are up to €20 million or 4% of worldwide turnover.
  • Protection of personal data strengthened and the rights of the individual widened.

Speaking of the rights of the individual, this is where it gets really interesting -  there are eight areas where these have specifically been bolstered from the original EU Data Protection Directive (the legislation being replaced). As individuals, you, me and everybody else in the EU will by law be given certain rights with respect to our personal data. Here are a few examples:

  • The right to be informed - individuals have the right to be informed about the collection and use of their personal data, with organizations to provide information about the purposes for processing their personal data, retention periods for that personal data, and who it will be shared with.
  • The right of access - this allows users to receive a copy of their personal data and to check that it is processed lawfully.
  • The right to rectification - enables you to have any incomplete or inaccurate data held about you corrected.
  • The right to erasure - enables you to ask organizations to delete or remove personal data where there is no good reason to continue processing your data.
  • The right to data portability - you can request the transfer of your personal data to you or to a third party.

What does the GDPR mean for Checkout.com and the payments industry?

Payments data, such as your credit or debit card details, your contact details and what you bought, is personal data. Checkout.com provides payments processing and merchant acquiring services to e-commerce merchants. This means that processing personal data is at the core of our operations. To us, privacy is above all else.

At Checkout.com we enhanced our privacy program to follow the new GDPR framework. These are some of the key measures we have taken:

  • We mapped our data processing activities, including the purpose for processing personal data and detailed descriptions of the activities data processors are conducting on our behalf.
  • We adopted new policies governing data protection, data retention and our response in the event of a data breach.
  • We continuously embed Privacy by Design principles into our product development cycle and internal processes.

We’re entirely committed to ensuring that our personal data processing activities are compliant, with specific attention given to data processing across the EU.

What is Privacy by Design?

Privacy by Design is an approach to operationalizing privacy within systems, products and business process. At its core, Privacy by Design means promoting user privacy in every stage of product and program development.

Checkout.com and Privacy by Design

One of the key elements of the GDPR is Privacy by Design. We wanted to share details about how we prepared to implement this element in our operation, as a sample of our approach to the GDPR.

At Checkout.com we don’t take this lightly. Privacy by Design is a key pillar of our ongoing GDPR and data protection compliance, as it affects how we improve existing systems and procedures and how we create new ones.

We implemented our Privacy by Design program while following these GDPR principles:

  • Data minimization - personal information must be relevant and limited to what is necessary in relation to the purposes for which it is being processed.
  • Storage limitation - personal information must be kept in a manner which permits identification of data subjects for no longer than is necessary for the purposes for which the personal information is processed.
  • Security and confidentiality - personal information must be processed in a manner that ensures the appropriate level of security.
  • Data subject rights - top-of-mind when obtaining, sharing, amending, deleting and retrieving personal data.

What Does the Accountability Approach in GDPR Mean? 

Arguably one of the most important aspects of the GDPR is the accountability approach and what this means moving forward. In a nutshell, this principle highlights that a data controller must be able to showcase that all processing is compliant with the data protection policies.

How is Checkout.com accountable to the GDPR?  

We have documents in place that outline the technical and organizational measures put in place to adhere to the GDPR.

Transparency and collaboration are the cornerstones of our business. From our product to engineering and sales teams, we’ve worked together to ensure that the changes the GDPR will bring are being reflected in daily activities and are communicated effectively, not just externally but also internally within our business.

Our new Privacy Policy is another way to understand a bit more about our approach to personal data and how we interface with the GDPR.

What happens next with the GDPR?

25 May signifies a new beginning. The GDPR is not a one-off legislation. Instead, it is about continuous improvement and respecting the privacy rights of individuals across all business sectors. At the end of the day, the GDPR is vital given the digital era we live in and the importance of privacy and our rights when it comes to our data.

As promised, below is an infographic with seven essential GDPR facts:

If you would like more information about the steps that Checkout.com has taken to prepare for the GDPR, then get in touch with your account manager or another member of the team today.

Download PDF

Stay up-to-date

Get Checkout.com news in your inbox.

Back to top button

Most recent articles

A guide to payment processing for B2B companies
Blog
Apr 23, 2024

A guide to payment processing for B2B companies

Read article
Card authorization explained
Blog
Apr 17, 2024

Card authorization explained

Read article
The trends and challenges for cross-border payments in 2024
Blog
Apr 17, 2024

The trends and challenges for cross-border payments in 2024

Read article
How alternative payment methods can reduce chargebacks
Blog
Apr 11, 2024

How alternative payment methods can reduce chargebacks

Read article
WeChat Pay: A guide for merchants
Blog
Apr 8, 2024

WeChat Pay: A guide for merchants

Read article
Online marketplace spending skyrockets by 143% during Ramadan in the UAE
Blog
Apr 4, 2024

Online marketplace spending skyrockets by 143% during Ramadan in the UAE

Read article
Ramadan online spend expected to raise across key sectors
Blog
Apr 4, 2024

Ramadan online spend expected to raise across key sectors

Read article
Why your business needs a Chief Payments Officer
Blog
Apr 2, 2024

Why your business needs a Chief Payments Officer

Read article
Why PCI DSS 4.0 is fundamental to a thriving digital economy
Blog
Apr 2, 2024

Why PCI DSS 4.0 is fundamental to a thriving digital economy

Read article
What is account takeover fraud?
Blog
Apr 2, 2024

What is account takeover fraud?

Read article
A guide to payment tokenization
Blog
Mar 28, 2024

A guide to payment tokenization

Read article
Introducing Apple Pay Card Payouts: Enhancing your customer’s money transfer experience
Blog
Mar 28, 2024

Introducing Apple Pay Card Payouts: Enhancing your customer’s money transfer experience

Read article
Return to home
November 13, 2019 8:18
August 11, 2023 10:04