Data Privacy and GDPR Compliance

General Data Protection Regulation (GDPR)

Ensuring full compliance with international data security and privacy regulations

Subscription businesses in the European Union (EU) and around the globe that do business with EU residents must comply with the General Data Protection Regulation (GDPR) that went into effect in May 2018. Vindicia is GDPR compliant and can help you navigate through the GDPR compliance process.

What is GDPR?

GDPR regulates how personal data is managed. Personal data includes any information that can be used to directly or indirectly identify a person, such as name, photo, email address, bank details, social networking posts, medical information, or a computer IP address.

GDPR applies to companies in two broad categories: “controllers” and “processors.” Controllers are companies, such as merchants, that collect personal data like credit card information and make decisions on what will be done with that data. Processors are companies that act on behalf of controllers, storing and cataloging that data.

GDPR contains many requirements about how to collect, store, and use personal information. Not only does it cover how to identify and secure the personal data in your systems, but also how to accommodate new transparency requirements, how to detect and report personal data breaches, and how to train your privacy personnel and employees. GDPR also legislates new user rights, including the right to know how data is being used, the right to be forgotten, and the right to receive personal data.

GDPR affects all companies that deal with the EU

GDPR applies not only to organizations located within the EU, but also to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects.

How to comply with GDPR

GDPR will impact multiple parts of your organization – including IT, marketing, data and legal – and will also require changes in your business processes. Because the regulations are detailed and technical, companies should consider employing third-party consultants to assess the impact of GDPR, and possibly also to implement the necessary changes in systems and procedures.

GDPR incorporates wide-ranging powers to impose severe penalties on companies that are not compliant. Organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 million, whichever is greater.

Vindicia is GDPR compliant. Contact us for information on how to ensure that your subscription billing solution complies with the new requirements.



GDPR FAQ Document

For more about GDPR, read our frequently asked questions document.
