The General Data Protection Regulation is set to come into force on 25th May 2018. This far-reaching regulation will replace the various regulations and national laws that have been in place across the European Economic Area (EEA) over the last twenty years. The regulation aims to increase the level of control EEA citizens and residents have over their personal data in the new digital age, and to present a more unified environment for international business across Europe.
The Regulation will impact any business that receives, processes, stores or transfers personal data of EEA-based individuals, regardless of its location. Personal data is defined broadly and will typically include information relating to an individual such as name, email, location, online identifier, IP address, home address etc., whether in a work or domestic setting. New rights are given to individual data subjects concerning the personal data being stored, including the right to prior notification of what data is being used for, how it will be processed and when it will be deleted. As a result, most businesses dealing with the European market will have to review and update their data practices and privacy policies. High punitive fines can be levied on businesses that do not comply.
As we approach May 2018, BlueSnap is focused on General Data Protection Regulation (GDPR) compliance efforts.
During this implementation period, BlueSnap will be updating Merchant agreements, privacy and cookie policies to be in line with GDPR requirements, as well as ensuring that our systems and third-party services are in compliance.
These efforts are the continuation of BlueSnap’s commitment to comply with global privacy and security standards. For example, in order to cover the aspect of data transfer from the European Economic Area (EEA) to the US, BlueSnap has been certified on Privacy Shield since Q3 2016. We also added certification under the Swiss-US Privacy Shield scheme in 2017 and are currently finalizing updated data processing agreements with relevant parties involved in the processing, receipt and storage of personal data.
We shall be updating this page with further information over the coming months.
In the meantime, Merchants that receive shopper details from EEA-based individuals should take immediate steps to ensure their own compliance with the GDPR.
Useful resources for Merchants are available in English from the UK’s Information Commissioner’s Office web site: