GDPR: What You Need To Know About The New Data Protection Laws

One of the best things about living in the digital age is being able to expand your ecommerce business beyond what traditional storefronts allow. Not only can you sell products beyond your local area, but national and international ecommerce is becoming increasingly common. When selling internationally, it is important to keep the laws of all of the countries you are selling to in mind. The EU General Data Protection Regulation (or GDPR) was established in 2016 but will take effect May 25^th, when all affected companies must be in compliance. This will affect any companies in Europe, or any companies that have customers in Europe.

What is the GDPR? The General Data Protection Regulation, as the name suggests, is to protect the data of customers in Europe. The GDPR is used to regulate how companies handle and collect personal data and information, to make sure that customers stay protected and their data is not being distributed without their knowledge or permission.

Customers will have the right to access, correct, delete, and restrict processing of their data. There are also strict rules on how companies can get customers to agree to use their data. If you only use your customers data for filling orders, this is not a big deal. However, many companies like to take their customers data and use it for marketing and advertising without their express consent. The GDPR also makes it the company’s responsibility to protect the information, even if they are using a payment processor (such as BMT Micro) or a website platform.

What counts as personal information? The Information Commissioner’s Office of the UK defines personal information as follows:

“Personal data means data which relate to a living individual who can be identified:

(a) from those data, or

(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,

and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.”

Basically, what that means is any information used to identify a customer is counted as personal information. This includes their name, email address,
IP address, what they purchased, etc. It even goes so far as to include indirect information, such as what area the customer is located, or what career field they work in.

What do I need to do to be GDPR compliant? Please visit the GDPR website to make sure that your company is following all of the guidelines the European Union has set. You might need to update your website’s privacy policy and make sure any third party apps you use also comply with GDPR. Overall, GDPR is not a huge change from privacy policies of the past if you were using your customer’s information safely and responsibility. It is always important to make sure you are following the law and putting your customer’s privacy and safety first, and GDPR helps achieve that.

BMT Micro is GDPR compliant, and continues to be a secure and reliable payment platform. For more information please contact vendors@bmtmicro.com.