On May 25th 2018 the new GDPR (General Data Protection Regulation) became law. Compliance with GDPR is a legal requirement for your business and suppliers.
Failure to comply could result in huge fines and potential legal action from customers.
The General Data Protection Regulation is a regulation by which the European Union (EU) intends to strengthen data protection for individuals within the EU.
The primary objectives of the GDPR are to give citizens back the control of their personal data and to simplify the regulatory environment for international business.
It also addresses export of personal data outside the EU, so companies that use offices elsewhere in the world to deal with EU citizens must comply.
If a company trades in Europe, it has to comply, regardless of Brexit.
Tier 1: up to 2% of annual worldwide turnover or €10,000,000 (whichever is the higher);
Tier 2: up to 4% of annual worldwide turnover or €20,000,000 (whichever is the higher).
In addition to the administrative fines above, GDPR also gives any person who has suffered material or non-material damage as a result of an infringement of the GDPR the right to receive compensation. There is no ceiling on the level of compensation - so the cost to a business could be extremely high.
Regulators have a range of other enforcement powers (e.g. audit rights, ordering compliance, imposing a ban on processing).
A data breach is defined as follows:
"...a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed"
If a data breach occurs, the company has only 72 hours from becoming aware of the breach to report it to the regulatory body (in the UK this is the Information Commissioner's Office (ICO)). If it is not reported within 72 hours the regulatory body will want to know why.
By using Gala Technology’s SOTpay and SOTpay+ solutions your organisation can prevent any payment card information entering your business.
Payment card information loss is one of the most emotive topics when dealing with a data breach, as consumers fear financial loss and the time lost in sorting out the problem. As GDPR extends to many different types of data, as well as payment card information, Gala Technology can offer our customers the correct support on their GDPR programmes and have access to skilled resource when required.