GDPR – Data Protection Gets Serious

by | Apr 15, 2016 | Payments


On 14 April 2016, the EU Parliament adopted the long-awaited General Data Protection Regulation (GDPR).

The GDPR will have considerable impact on all companies that provide goods or services to Europe, regardless of the company’s location, and in many ways it differs significantly from existing European data protection laws.

Once the Regulation is published, companies will have just over 24 months to comply with the new Regulation or risk facing fines equal to 4% of the company’s annual worldwide turnover for non-compliance.

 

Key Changes


GDPR – Immediate Applicability

 

The GDPR replaces the current European data protection regime consisting of the 1995 Data Protection Directive and 28 national data protection laws. The GDPR will be directly applicable in every EU Member State, without the necessity of implementing national laws.

 

GDPR – Explicit Consent

 

The Regulation requires explicit consent to be given by individuals for processing their personal data. In the past, consent could be considered valid if obtained implicitly. Companies will need to move away from processes that rely upon consent as the default (e.g., pre-checked) option, whereby individuals must “opt-out” to withhold consent. Instead, for consent to be valid, companies will now need to show that an individual expressly agreed to the processing of their personal data via an “opt-in” mechanism (e.g., by checking a box or performing some other intentional act).


GDPR – Reporting of Data Breaches

 

Companies that experience significant data breaches will now be required to notify the relevant national data protection authorities and (in some cases) data subjects that such an incident occurred. This brings Europe closer in line with existing U.S. breach notification laws that require companies to inform various state regulators and/or law enforcement and/or data subjects if they experience a data breach.

 

GDPR – Data Portability


Data subjects must be able to transfer their data easily from one service provider to another. Companies should consider whether to modify how they collect and retain personal data to simplify data transfers.

 

GDPR – Data Processors Under Scrutiny


Third parties who process personal data on behalf of other companies (e.g., for invoicing, shipping, payment processing) will be required to comply with a number of specific data protection related obligations. Failure to meet these obligations as a data processor will result in sanctions for non-compliance.


GDPR – Data Protection Officer

 

Companies will have to appoint a Data Protection Officer (DPO) when they are, for example, processing sensitive data (health or financial information). The DPO will be required to report directly to senior management.

 

GDPR – Extra-territorial Reach


The GDPR will apply to companies established outside the EU that process personal data from or on behalf of European companies. Foreign companies will also be subject to the Regulation if they “target” European markets or individuals. This means that any online business that intentionally markets to Europeans, or engages in activities such as customer profiling, or expressly offers products or services to European consumers or entities is likely to fall within the scope of the GDPR.

 

GDPR – Greater Responsibility

 

The GDPR imposes greater responsibility and accountability on companies regarding how they control and process personal data.

 

GDPR – Harmonization

 

The entire EU will be subject to the GDPR. This means there will be a single set of rules governing data protection throughout the region, rather than differences from one State to the other, as is the case now with 28 different national data protection laws.

 

GDPR – One-Stop-Shop

 

Companies that have multiple locations or conduct operations in multiple European countries will have a single national data protection authority act as the lead regulator for any compliance or enforcement issues.

 

GDPR – Privacy By Design

 

Companies must consider ways to mitigate any risk of harm to data subjects throughout the process of designing new products or services. These new products or services should by default ensure that only minimal personal data is collected, used and retained. Companies may incorporate an approved certification mechanism to demonstrate compliance with such requirements.

 

GDPR – Privacy Impact Assessment

 

A Privacy Impact Assessment will become a mandatory prerequisite before processing personal data for operations that are likely to present higher privacy risks to data subjects due to the nature or scope of the processing operation.


GDPR – Right To Be Forgotten


Data subjects have the unequivocal right to request that a company responsible for the collection and use of their personal data delete it if there are no legitimate grounds for the company to retain it. This means that companies will need to carefully examine their statutory obligations to retain certain types of data, as well as their internal data retention policies, to identify when and if they may delete personal data at the request of a data subject.


GDPR – Transparency


Companies will need to be more transparent about their privacy practices and policies. This means that online businesses in particular will need to enhance their website privacy policies to include much more detailed information. It goes without saying that any information provided in such policies will need to be written clearly and accurately reflect current company practices and procedures regarding the collection and processing of personal data.


GDPR – Stronger Enforcement

 

Non-compliance could lead to heavier sanctions. The GDPR enables regulators to levy financial sanctions of up to 4% of the annual worldwide turnover of the company for non-compliance.
