You may have heard the General Data Protection Regulation (GDPR) cropping up quite a bit in conversation or have come across it on the social channels you use. You may know all about it already, which is great, or you may not be sure what it’s really all about.
Help is at hand: this quick summary will give you an overview of the main changes GDPR will introduce and help you better understand what it will mean for you.
What is GDPR?
GDPR is the new EU data protection regulation which replaces the existing EU Data Protection Directive from 25 May 2018.
It will regulate the privacy and handling of the personal data of individuals in the European Union (EU) and offer greater protection by giving them more control over how personal data can be collected, stored and used. This includes allowing individuals to have easier access to the information companies hold about them, a clear responsibility for organisations to obtain the consent of individuals they collect information about and a new regime of fines.
Why is it happening?
GDPR is being introduced to address concerns over data protection in today’s digital landscape. A lot has changed since the existing data protection laws and regulations were created in the 1990s.
Fundamentally, almost every aspect of our lives revolves around data. As we increasingly process vast amounts of digital information each day, the existing data protection laws and regulations created in the 1990s that govern our personal information are no longer fit for purpose. The GDPR therefore aims to harmonise regulation across Europe to reflect today’s data exchange landscape.
Who does it concern?
The GDPR will apply to an organisation or person that handles any personal data of people living in the EU. This means that companies and individuals based outside the EU that sell goods and services to individuals living in the EU will also need to comply with the new law.
What about Brexit?
The UK government has signalled its intention to implement the GDPR fully to ensure there is no interruption in the free flow of data between the UK and the EU after Brexit. This means that from May 2018 and for the foreseeable future the GDPR will apply to any UK business that processes data from individuals in the EU.
What is Elavon doing?
At Elavon, we recognise that the security of personal data of our customers is critical and compliance with GDPR is a matter of priority.
We already have a data protection and privacy program in place which is designed to identify and mitigate risk to the safety of personal data, and be compliant with the data protection and privacy regulations in the countries in which we operate. We have been undertaking a programme of work to assess our readiness for the GDPR. This has involved mapping current compliance levels against those mandated by the GDPR, and taking action to address identified gaps as follows:
What do I need to do next?
You do not need to take any action and your Elavon Terms of Service has been updated to incorporate changes to GDPR (see Section 17 Data Protection), effective from 23 May 2018.
UK CCA (Sole Trader, or Partnership with 3 or less Partners)
UK NON-CCA (All other Customers)
Privacy Notice
GDPR guide
For more information on GDPR and to find out how Elavon can help you, please see the GDPR guide.