In May 2018, the EU General Data Protection Regulation (GDPR) went into effect. The GDPR is a European regulation that establishes a new framework for handling and protecting the personal data of EU-based residents. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.
What does the GDPR do?
This regulation enhances the data privacy protections for European Union citizens and is a mandatory requirement for any company with access to personal data of EU citizens. If your company is conducting business with EU residents, your ecommerce platform must be GDPR compliant.
What are the goals of the GDPR?
One of the aims of the GDPR is to harmonize and bring data privacy laws across Europe up to speed with the rapid technological change of the past two decades. It builds upon the current legal framework in the European Union, including the EU Data Protection Directive in existence since 1995.
Who does the GDPR affect?
GDPR compliance is different for every company and depends on, among other factors, company size, the types and amount of data it processes, and its current security and privacy measures. The GDPR will apply not only to organizations located within the EU, but also to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects.
Under the GDPR, businesses:
- Must obtain explicit consent to access EU-based residents’ personally identifiable information (PII).
- Must notify customers in case of hack or breach.
- Must appoint a dedicated data protection officer.
- May be levied fines for noncompliance.
What Constitutes Personal Data?
Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, or bank details to posts on social networking websites, medical information, or a computer IP address.
Protecting Your Personal Data
Personal data plays a huge part in society and the economy. It is essential that people have—and know they have—control and clarity over how their data is used, are protected by any organization they interact with, and that organizations are given clear guidelines to protect all personal data.
FastSpring Compliance with the GDPR
FastSpring is fully compliant with the EU General Protection Regulation. Our ecommerce platform is capable of conducting business with all EU-based customers online store. FastSpring also complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries.
Any business that collects or receives customer data from contacts in the EU is responsible for complying with GDPR and protecting customer data. We strongly encourage you to familiarize yourself with the new regulation and prepare for implementation. Information is available at gdpr-info.eu, nibusinessinfo.co.uk, and eugdpr.org
![[Data Report] Recession Proof-Pricing](https://fastspring.com/wp-content/themes/fastspring-bamboo/images/promotional/2022/Recession-Proof-Pricing-Report-Nav-bar-image.jpeg)
Global Payments
Fraud Prevention
Subscription Management
Affiliate Marketing
Checkout
Digital Invoicing
Tax Compliance
Interactive Quotes
Reporting and Analytics
Developers
