General Data Protection Regulation (GDPR)

Data Privacy and GDPR Compliance

Ensuring full compliance with international data security and privacy regulations

All businesses today that manage customer data need to comply with data security and privacy regulations. The General Data Protection Regulation (GDPR) is the latest privacy legislation, coming from the European Union (EU) and going into effect in May 2018. What is new in GDPR? Whom does it affect? And what should you be doing about it?

What is GDPR?

GDPR regulates how personal data is managed. Personal data includes any information that can be used to directly or indirectly identify a person, such as name, photo, email address, bank details, social networking posts, medical information, or a computer IP address.

GDPR applies to companies in two broad categories: “controllers” and “processors.” Controllers are companies, such as merchants, that collect personal data like credit card information and decide what will be done with that data. Processors are companies that act on behalf of controllers, storing and cataloging that data.

GDPR contains many requirements about how to collect, store, and use personal information. Not only does it cover how to identify and secure the personal data in your systems, but also how to accommodate new transparency requirements, how to detect and report personal data breaches, and how to train your privacy personnel and employees. GDPR also legislates new user rights, including the right to know how data is being used, the right to be forgotten, and the right to receive personal data.

GDPR affects all companies that deal with the EU

GDPR applies not only to organizations located within the EU, but also to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects.

How to comply with GDPR

GDPR will impact multiple parts of your organization – including IT, marketing, data and legal – and will also require changes in your business processes. Because the regulations are detailed and technical, companies should consider engaging third-party consultants to assess the impact of GDPR, and possibly also to implement the necessary changes in systems and procedures.

GDPR incorporates wide-ranging powers to impose severe penalties on companies that are not compliant. Organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 million, whichever is greater.

Contact Vindicia for information on how to ensure that your subscription billing solution is GDPR compliant.


GDPR FAQ Document

For more about GDPR, read our frequently asked questions document.

