A while back, we logged on to the website of one of our European merchants, for whom we provided an e-commerce payment processing solution about two years ago. The second we logged on, a small pop-up window appeared notifying the consumer that the website uses cookies, which are small files of data from a website stored on the viewer’s computer. There was a button to click to accept, and we did.
That pop-up window is a sign of the times. The new age of data protection is upon us, and it couldn’t come at a better time: Personal data – social security numbers, health insurance information, e-mail logins and passwords – is worth 10 times more on the dark web than credit card data.
Compliance requirements for the General Data Protection Regulation (GDPR), passed by the European Union in 2016, will take effect May 25, 2018. The regulation was a significant piece of the seminar ‘What does the payments industry need to prepare for over the next 12 months?’ which we attended at PayExpo Europe earlier in October.
This is where we’re headed, and it’s a good thing. The GDPR is going to make e-commerce merchants and those who handle sensitive consumer data better at their jobs.
The GDPR is good for e-commerce payment processing
At its very core, the GDPR strengthens the basic privacy and data protection rights of European consumers. The end result is an increasing level of consumer trust in e-commerce merchants and e-commerce payment processing, something that can never be over-abundant. While the requirement to appoint a data protection officer applies to many large, information-driven businesses, small businesses that do not rely on data processing are exempt from it. The GDPR also strengthens a consumer’s right to erasure (the right to be forgotten) from the controller of data.
A warning for European merchants in breach of the GDPR
While we are big proponents of GDPR compliance for European e-commerce, the fines levied for a breach can be heavy – as much as 10,000,000 euro or 4 percent of the annual revenue of the offending party. Even a sum of 4 percent can be a crippling blow to an e-commerce business.
Article 83 of the GDPR states that the nature and gravity of the penalty, as well as the number of consumers affected, will be considered on a case-by-case basis.
Important: The GDPR extends beyond Europe
The GDPR is not confined to companies, businesses and organizations within the EU. It applies to all parties that offer or sell goods and services to, and maintain the personal data of, individuals who live and/or work in an EU member state, regardless of where the company is based. For example, a US merchant that manufactures and sells toy trains to consumers in Europe will be bound by the GDPR to protect the data of each European customer.
Secure e-commerce payment processing with Instabill
With a merchant account from Instabill, we match your business with the best acquiring banking solution we know that specializes in your industry. Our domestic and international banking partners also take the utmost security precautions when handling consumer data (or else we wouldn’t have partnered with them).
Find out more about our secure e-commerce payment processing solutions by speaking with a live merchant account manager at 1-800-530-2444.
Excellent article and proves the good guys in the card industry are ahead of the game!