The EU General Data Protection Regulation (GDPR)
The GDPR is important new legislation that is designed to strengthen and unify data protection for all individuals within the European Union. The regulation will become effective and enforceable on May 25th, 2018. Paytia is fully committed to helping its customers comply with the GDPR.
What is GDPR?
In 2016, the European Commission approved the new General Data Protection Regulation (GDPR). GDPR regulates the processing of personal data about individuals in the European Union, including how that data is collected, stored, transferred and used. The concept of "personal data" is defined very broadly, and covers any information relating to an identified or identifiable individual — anything from their name and email to potentially their online IP address.
GDPR gives people more rights and control over their data, including the right to be forgotten or the right to request a copy of any personal data you have collected about them. GDPR also requires organizations to implement appropriate policies and security controls to protect personal data, keep detailed records on data activities, and enter into written agreements with vendors that process personal data on their behalf.
Why is GDPR important to me?
GDPR applies to any organization that processes personal data of individuals in the European Union, including tracking their activities online. If your website accepts visitors or customers from the European Union, you are most likely impacted by this law. Under the GDPR, authorities can fine organizations up to €20 million or 4% of the company's global revenue, so the stakes for compliance are high.
Does GDPR require that my information be stored in the EU?
No. A company is allowed to transfer personal data outside of the EU provided that it puts in place a mechanism, approved under GDPR, to make sure that personal data is adequately protected even when it is transferred outside of the EU. We are certified under the EU-U.S. and Swiss-U.S. Privacy Shield frameworks to satisfy this requirement, and also offer a Data Processing Addendum (DPA) to customers that require it.