GDPR, or the General Data Protection Regulation, is at the top of everyone’s mind. It represents perhaps the single most significant movement to protect individuals’ data in history, applying to any organization that holds or uses data on people inside the EU, regardless of how big they are or where they are based. But what is GDPR, and how will it affect how your data is handled?
As a valued partner of LaterPay, we wanted to take this opportunity to address any questions that you might have around GDPR, its implementation, and the impact it might have on your business with LaterPay.
We will continue to update this factsheet as more information becomes available. In the meantime, if you have any questions that are not addressed below, please do not hesitate to contact us at firstname.lastname@example.org.
What is GDPR?
- On May 25, 2018, the General Data Protection Regulation will come into effect with the aim of strengthening individuals’ data protection rights and providing coherent legislation across the European Union’s member states.
- GDPR applies to the processing of personal data of all EU residents, independent from where the data controller or processor is established.
Is LaterPay GDPR compliant?
- LaterPay is determined to ensure full compliance with GDPR rules and regulations. As a company that is headquartered in Germany, we have always treated personal data very carefully and have maintained a high level of data protection.
- LaterPay has set up a regulatory program where a dedicated LaterPay team is working with an external data privacy consultancy to ensure GDPR compliance once the regulation comes into effect.
- This means that LaterPay has documented and investigated all processing activities related to our collection, storage and processing of personal data and we are currently in the midst of taking organizational measures to close identified gaps ahead of GDPR enforcement.
- We are also entering into Data Processing Agreements (DPAs) with all LaterPay service providers to make sure that they maintain adequate data privacy standards.
- In terms of data storage, LaterPay is already well prepared in that the company uses Amazon Web Services (AWS) for operational data storage. Amazon has a number of data protection certifications, including CSA and ISO 27001. Data is stored in the USA for web.uselaterpay.com and Germany for www.laterpay.net.
What do LaterPay merchants need to do?
- LaterPay merchants of course need to make sure that their own business operations, i.e. everything outside of LaterPay, are GDPR compliant.
- We are, however, preparing the LaterPay process for GDPR compliance, i.e. the purchase and payment process as well as the user management, which we handle directly.
- This applies to LaterPay merchants in the EU as well as in the U.S.
- Please note that LaterPay only processes data where a legal basis for such processing is given, and we only store data as long as it is required for the purpose for which it was collected, provided that there are no legal obligations to store said data further.
- LaterPay is, of course, also working to make sure that all our merchants’ personal data is similarly handled in a GDPR-compliant manner.