The last several weeks have been anxious for all of us. The frenzy leading up to the May 25 compliance deadline for the E.U.’s General Data Protection Regulation (GDPR) had many reaching for the panic button. Everyone seemed to be asking, what do we have to do? How do we do it? And what happens if we aren't compliant in time? The good news is that most of us can move away from that panic button.
In a nutshell, GDPR is a game-changing privacy law filled with a long list of regulations for handling data for consumers based in the E.U. The goal is to align existing data protocols while increasing the levels of protection for individuals, ultimately helping consumers gain a higher level of control over their data through a more transparent data collection and use process.
Let’s face it, complying with GDPR is no small task. You’ll have to rely on other parties to get you through the process, and make sure you remain compliant. But, rest assured, if you can show you’re taking action and the steps you have taken towards compliance, that’s a great start.
Now that the deadline has come and gone, we all can take a step back and breathe. If you still aren’t 100 percent compliant, you’re not alone. In fact, according to many reports, if you were compliant at the deadline you are in the minority. It’s true that anyone not fully compliant can face hefty fines, as high as four percent of worldwide revenue. This has led some organizations to take drastic measures. For example, two major newspapers in the U.S., the Chicago Tribune and L.A. Times, simply blocked E.U. users until the organizations are in compliance with GDPR. Facebook and Google in the U.K. met the deadline but were still hit with lawsuits that seek 8.8 billion in damages and claim their updated policies didn’t go far enough to protect user data. You can see why panic might be the natural reaction.
However, the bottom line is that making a good-faith effort to take the steps necessary towards compliance is most important. For SegPay, those steps began with a full “Health Check” — evaluating all current policies and processes against GDPR guidelines. We’ve appointed our Data Protection Officer (DPO) to help make sure those policies and processes are compliant. We’ve registered with the U.K. Information Commissioner’s Office and signed up with Privacy Shield. We’re in touch with all third parties with whom we share data to ensure that our customer data is protected; for example, that when a customer requests that their data be deleted, and it is eligible for deletion under our policies, it’s actually deleted.
Protecting user data is what the GDPR is all about and the team here at SegPay takes it very seriously. For months, our employees have worked closely with a number of third-party experts to get us where we need to be.
It took only three years for Cathy Beardsley to turn startup Segpay into a profitable company. As president and CEO, Beardsley oversees the day-to-day operations and long-term strategic planning for the company. Segpay is one of four companies approved by Visa USA to operate as a high-risk internet payment service provider in the U.S. Since 2005, Segpay has offered online merchants a state-of-the-art billing platform that provides real-time payment processing around the globe.