Rethink Commerce Blog

2Checkout Is GDPR Compliant. Here’s What That Means

Posted on May 10th, 2018 by

As you probably already know, the General Data Protection Regulation (GDPR) will come into effect on May 25th, 2018. We have been working on GDPR for months and are proud to say that on May 25th 2Checkout will be fully GDPR compliant.

Our focus is to process payments securely and efficiently whilst adhering to the latest changes and updates in the payments industry and to EU regulations. This post highlights the key principles of GDPR and 2Checkout’s recommendations to help our merchants meet their GDPR obligations.

What is GDPR Compliance?

We’ve covered this in previous articles, but because it’s so important, let’s hear it again. The General Data Protection Regulation (GDPR) is an EU-wide regulation for the protection of European citizens’ data that comes into force on the 25th of May 2018, and all companies that collect such data will need to comply with it. It establishes a set of compliance and security processes around managing personally identifiable information so that it is not misused. Currently, there is no certification or license required or available for GDPR.

How Are We Preparing for GDPR?

2Checkout has been working towards becoming compliant for many months and is in the final stages of that process. 2Checkout will be GDPR compliant by May 25th, 2018. Since it is a complex process, it takes time and involves mapping, assessing, planning and implementing changes throughout the company. We are working with subject matter experts and consultancy firms to support us in the process.

For a detailed list of the steps we are taking, as well as the platform updates we are making, please visit our GDPR Page and FAQs.

We will also update the following documents: Data Privacy Provisions and Privacy Policy, and we will share them with you in the coming weeks.

How GDPR Impacts Your Business

If you sell to European citizens, you will need to make sure that both you and all your partners (that have access to private data) are GDPR compliant by May 25th, 2018.

If you are a 2Checkout or Avangate client, please note that you must also be GDPR compliant for the data you collect outside of our systems (the 2Checkout or Avangate Platforms). The information in this article does not provide legal advice and should not be used as such. For in-depth knowledge adapted to your business, we recommend you consult with the appropriate legal counsel.

Security and Compliance Are Key for Us

As a reminder, all 2Checkout (formerly Avangate) services are PCI DSS Level 1 certified (Payment Card Industry Data Security Standard). PCI DSS is the most important security standard for the card payment industry and includes a set of comprehensive requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.

We also comply with a variety of other security standards: ISAE 3402 and SSAE 18, Safe Harbor US-EU/EEA and Switzerland, 3-D Secure merchant protection, VeriSign certificate for secure SSL (Secure Sockets Layer) orders, BBB Accreditation.

Other GDPR Resources

If you need more info about what you can do to be GDPR compliant please read the resources below:

Please visit our GDPR page and FAQ for more details on what 2Checkout has done to comply with GDPR.


Eugen Marinescu

Senior Legal Counsel
