As you probably already know, the General Data Protection Regulation (GDPR) will come into effect on May 25th, 2018. We have been working on GDPR for months and are proud to say that on May 25th 2Checkout will be fully GDPR compliant.
Our focus is to process payments securely and efficiently whilst adhering to the latest changes and updates with the payments industry and to EU regulations. This post is meant to highlight the key principles of GDPR and 2Checkout’s recommendations to our merchants to help you meet your GDPR obligations.
We’ve covered this in previous articles, but because it’s so important, let’s hear it again. The General Data Protection Regulation (GDPR) is an EU-wide regulation for the protection of European citizens’ data that comes into force on 25th of May 2018 and all companies that collect such data will need to comply with it. It establishes a set of compliance and security processes around managing personally identifiable information so that it is not misused. Currently, there is no certification or license required or available for GDPR.
2Checkout has been working towards becoming compliant for many months and is in the final stages of that process. 2Checkout will be GDPR compliant by May 25th, 2018. Since it is a complex process, it takes time and involves mapping, assessing, planning and implementing changes throughout the company. We are working with subject matter experts and consultancy firms to support us in the process.
For a detailed list of the steps we are taking, as well as the platform updates we are making, please visit our GDPR Page and FAQs.
If you sell to European citizens, you will need to make sure that both you and all your partners (that have access to private data) are GDPR compliant by May 25th, 2018.
If you are a 2Checkout or Avangate client – please note that for the data you collect outside of our systems – 2Checkout or Avangate Platforms – you must be GDPR compliant as well. The information in this article does not provide legal advice and should not be used as such. For in-depth knowledge adapted to your business we recommend you consult with the appropriate legal counsel.
As a reminder, all 2Checkout (formerly Avangate) services are PCI DSS Level 1 certified (Payment Card Industry Data Security Standard). PCI DSS is the most important security standard for the card payment industry and includes a set of comprehensive requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.
We also have a variety of other security standards we comply with: ISAE 3402 and SSAE 18, Safe Harbor US-EU/EEA and Switzerland, 3-D Secure merchant protection, VeriSign certificate for secure SSL (Secure Socket Layer) orders, BBB Accreditation.
If you need more info about what you can do to be GDPR compliant please read the resources below:
Please visit our GDPR page and FAQ for more details on what 2Checkout has done to comply with GDPR.