GDPR is just around the corner. Are you ready?
Adhering to the GDPR is a must for all businesses in the EU. But what exactly is it and how does it impact you? Learn about the different elements of GDPR here. We also cover its impact on marketplaces and platforms.
Everyone is talking about GDPR, but what is it? Who does it apply to? How will it impact marketplaces and platforms? We wanted to shed some light on these questions.
What is GDPR?
The General Data Protection Regulation (“GDPR”) is a European regulation that will take effect on May 25, 2018, and will replace the Data Protection Directive of 1995 and the national data protection laws of the European Union (“EU”).
GDPR is designed to set a uniform standard across the EU with regard to the way organizations collect, use and share personal data of data subjects in the EU.
What information does GDPR protect?
GDPR applies a broader than usual definition of personal data, including “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
Therefore, the definition may capture, in certain circumstances, IP addresses, mobile device IDs, email addresses, cookies and other online identifiers.
Who is subject to GDPR requirements?
The application of GDPR is cross-border: it covers the processing of personal data by organizations established in the EU in the course of their activities (for both EU and non-EU data subjects). It also applies to non-EU organizations with no formal or physical presence in the EU, so long as they offer goods or services to data subjects in the EU or monitor their behavior (to the extent the subject is within the EU), e.g. internet use profiling.
The act of ‘processing’ covers a variety of actions of an organization such as collection, recording, structuring, storing, adaptation or alteration, retrieval, consultation, disclosure by transmission, dissemination or otherwise making available, alignment or combination, erasure or destruction, etc.
Such non-EU organizations are generally required to designate a representative established in an EU member state where the data subjects whose personal data is processed or whose behavior is monitored are located. The term “established” can be interpreted in different ways, so whether an organization is considered established in the EU should be examined on a case-by-case basis.
GDPR includes certain key elements and obligations that impacted organizations should be aware of and implement, such as:
- Defining the specific legal ground to permit data processing
- Identifying and documenting the process by which personal data is collected and processed
- Appointing a Data Processing Officer
- Defining the organization’s responsibilities as data controller and/or data processor
- Formulating data breach responses and notification requirements
- Outlining the rights of the data subjects to access their information and be forgotten
- Addressing transmission of personal data outside of the EU
Organizations that fail to comply with the requirements of GDPR may face severe administrative and economic sanctions, including fines of up to EUR 20,000,000 or 4% of the organization’s total worldwide annual turnover of the preceding financial year.
How does GDPR impact you?
As a commercial business such as a marketplace or digital platform selling or otherwise offering goods or services internationally and processing personal data, you should understand how and whether GDPR applies to your organization. The personal data collected, stored or processed by your organization might be that of your sellers, customers, vendors and even random visitors to your website.
GDPR can apply to your organization regardless of its size or revenues and even regardless of whether or not you have a formal presence in the EU. If you collect, hold, process or have access to information that can be used to identify a data subject in the EU, you are probably subject to GDPR.
Firstly, you should understand the criteria for offering “goods and services” to EU data subjects. Is your website accessible in the EU? Do you use EU languages and currency? Are your campaigns directed to the EU?
Let’s take, for example, a Singapore-based organization that sells hand-made ties. The company has neither offices nor an affiliate company established in the EU, but offers its goods online. The company runs campaigns targeted at customers in the EU and even offers translated pages of its website. This organization collects personal data upon registration and creation of an account, including the registrant’s name and email address. Does GDPR apply to this organization? The answer is yes.
The new regime of GDPR confers more responsibilities on the organization; it’s now the organization’s responsibility to confirm that the data it processes is duly protected. Sometimes GDPR only provides a framework or guideline, and the organization must determine if it’s the controller or a processor of personal data and make sure that it properly stores and protects personal data.
The key questions you should be asking
Individuals are becoming more and more aware of their rights and the data collectors’ responsibilities as we count down to May 2018.
What are we doing at Payoneer to be ready for GDPR?
At Payoneer we take pride in providing a high level of security and transparency with respect to how we collect, use and share the personal data of our customers, partners and vendors. We are diligently preparing for GDPR, updating our policies and refreshing our procedures pertaining to data subjects’ access and other rights and are taking these and other measures to be fully compliant with GDPR.
Please note that this isn’t intended to be a comprehensive and exhaustive review, but rather an outline of certain issues which we consider to be key to understanding GDPR. We recommend that you undertake your own analysis as to how GDPR applies to your organization specifically.