The General Data Protection Regulation came into final force on 25th May 2018. This far-reaching regulation replaces the various regulations and national laws that were in place across the European Economic Area (EEA) over the last twenty years. The regulation increases the level of control EEA citizens and residents have over their personal data in the new digital age and presents a more unified environment for international business across Europe.
The Regulation impacts any business that receives, processes, stores or transfers personal data of EEA-based individuals, regardless of its location. Personal data is defined broadly and typically includes information relating to an individual such as name, email, location, online identifier, IP address, home address etc., whether in a work or domestic setting. New rights are given to individual data subjects concerning the personal data being stored, including the right to prior notification of what data is being used for, how it will be processed and when it will be deleted. As a result, most businesses dealing with the European market have had to review and update their data practices and privacy policies. High punitive fines can be levied on businesses that do not comply.
BlueSnap has been focused on completing its General Data Protection Regulation (GDPR) compliance efforts.
New BlueSnap Data Protection Addendum
To enable BlueSnap merchants to continue accepting orders from individuals based in the European Economic Area (EEA) from that date onwards, the GDPR compels us to put into effect a Data Protection agreement containing mandatory provisions for all merchants wherever they are based.
We therefore issued a Data Protection Addendum effective for BlueSnap and all merchants as from 25th May 2018. Review the new Data Protection Addendum here: https://home.bluesnap.com/legal/BlueSnapDPA.
In addition to containing detailed provisions relating to BlueSnap’s handling and processing of personal data and the enforcement of data subject rights, it requires our merchants to adhere to the GDPR and related law, particularly with respect to notifying your customers and obtaining any required consent from them for the processing of their personal data and its transmission to BlueSnap.
These efforts are the continuation of BlueSnap’s commitment to comply with global privacy and security standards. For example, in order to cover the aspect of data transfer from the European Economic Area (EEA) to the US, BlueSnap has been certified on Privacy Shield since Q3 2016. We also added certification under the Swiss-US Privacy Shield scheme in 2017 and are currently finalizing updated data processing agreements with relevant parties involved in the processing, receipt, and storage of personal data.
We strongly advise merchants that receive shopper details from EEA-based individuals to take immediate steps to ensure their own data management practices are in compliance with the GDPR, and that other third-party services used in addition to BlueSnap are also compliant.
Useful resources for merchants are available in English from the UK’s Information Commissioner’s Office website: