In this article, we will cover:
- What is General Data Protection Regulation (GDPR)
- How GDPR is relevant to Beeketing
- How GDPR affects merchants
1. What is GPDR
EU General Data Protection Regulation (GDPR), an update to regulations for the processing of data and private information online, places the responsibility on businesses to give individuals more control over their personal data. Coming into effect starting May, 25th 2018, the regulation will apply to businesses based in the European Union or those that do extensive business in Europe. Businesses that fail to comply with these new rules could be subject to fines as high as 4% of annual global revenue.
2. How GDPR is relevant to Beeketing
GDPR imposes different obligations on controllers and processors of data.
- Data controllers: the entity which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- Data processors: the entity which processes personal data on behalf of the controller.
While Beeketing has the responsibility to make sure that the way we process data collected from your buyers needs to comply with GDPR, merchants who are providing service in EU or having EU customers, are also required to comply with GDPR independently from Beeketing.
3. How GPDR affects merchants
The GDPR gives certain rights to identified or identifiable persons (referred to as data subjects). These include the right for buyers to request:
- Deletion (erasure) of their personal data
- Correction (rectification) of their data
- Access to their data
- An export of their data in a common (portable) format.
For merchants who are operating businesses in EU or having EU customers, there are a few changes you need to take actions:
- Evaluate GDPR fully and have a complete understand of how it affects your business
- Have consent from your customers that you can collect and process their data in ways that comply with GPDR
- Have a way for customers to access and control over their personal data
Sign a DPA with Beeketing upon your request:
As a data controller under the GDPR, Article 28 requires that when you engage a data processor (like Beeketing) to process your customers’ data, you impose strict contractual requirements on how they may use and process that data.
This is typically done through a Data Processing Addendum, or DPA. If you want to sign a DPA with Beeketing, please contact us at firstname.lastname@example.org, our agent will support you.