As of 25 May 2018, the General Data Protection Regulation (or GDPR) will go into effect. This European privacy legislation gives individuals a voice when it comes to the use of their personal data by companies and organizations. The Data Protection Directive, therefore, no longer applies. Since the GDPR is intended to respect the privacy of internet users, it is relevant for all companies and organizations which collect, process, and use the personal data of EU citizens.
The GDPR: what it means for your company
The GDPR sets a number of new requirements, including:
- Companies are now required to take measures (both organizational and technical) to protect the personal data they have collected.
- Companies and organizations are required to stay up-to-date on current techniques/technologies in order to ensure that personal data is processed correctly.
- New rules apply when it comes to asking internet users for consent with regards to the use of personal data.
Companies that do not respect these requirements risk high fines. Companies are therefore required to correctly record, manage, and (if necessary) anonymize or delete personal data.
With the introduction of the GDPR, consumers have more rights when it comes to the use of their personal data. For example, a consumer must be able to view their own data on request. Additionally, a consumer must be able to request the removal of their personal data.
The GDPR: What it means for MultiSafepay
In accordance with the GDPR, MultiSafepay is required to take several measures in order to protect the personal data of our customers, including:
- The use of specific software
- Implementing policy changes in accordance with the obligations described in the GDPR
- Updating (operational) procedures and implementing these procedures within the organization.
In addition, MultiSafepay has taken steps to ensure that the requirements posed by the Payment Card Industry Data Security Standard (PCI DSS) are taken into account. MultiSafepay has been preparing for the GDPR for some time and will therefore guarantee that the consultation, correction, deletion, transfer and possible discontinuation of the processing of personal data is possible in May 2018.
Do you have questions about the GDPR? Please consult our FAQ.