The General Data Protection Regulation, or GDPR, comes into effect soon on May 25th, 2018. This is a comprehensive data privacy law that will affect companies based in the EU, or companies with customers in the EU. Essentially, the GDPR gives people more rights and transparency over their personal data and how it’s used.
Here at Vend, we’re a firm supporter of the strong data privacy and security principles the GDPR highlights. We’ve been taking steps toward being compliant when the GDPR comes into effect, and we want to help retailers with their own compliance efforts.
Is the GDPR something I should be concerned about?
If you’re a retailer in the European Union, or any of your customers are based in the EU, then the short answer is yes.
The longer answer is that because you have customers in the EU and collect their data in Vend, under the GDPR you’re considered a ‘data controller’. The GDPR gives people the right to access, correct, delete and restrict how their data is used, and as a ‘data controller’ you are required to allow people to exercise these rights. See this full guide to GDPR for all the details.
What is Vend doing to help retailers comply with GDPR?
We’ve been busy building tools and features to help our retailers comply with GDPR, and honor the data subject rights of customers. Our Help Center article outlines everything in detail, and will continue to be updated as more tools become available.
Sign Our Data Processing Agreement (DPA) Today
If you’re a retailer using Vend in the EU, or you have customers based in the EU, then signing our DPA will help your store comply with GDPR. Make sure to sign this before 25 May, 2018.
This agreement is pre-signed by Vend, and allows the lawful transfer of EU personal data to Vend under GDPR regulations. Find out more in our Help Center article here.
What is Vend doing to prepare for the GDPR?
Our team has been hard at work to ensure Vend is compliant with the GDPR when it comes into effect on 25 May, 2018. This includes:
- Reviews and updates to our internal data processes, procedures, data systems, and documentation
- Continued investment in our security infrastructure
- Reviews and updates to our contractual arrangements with third party vendors
The most important thing to know is that we’re ready for the GDPR coming into effect. Every business is unique, so this blog post should not be relied upon as legal advice. We encourage you to work with legal professionals to find out how the GDPR applies to you.