The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a privacy and data protection regulation in the European Union (EU) and will be enforceable from May 25, 2018.
It requires no enabling legislation, so it automatically becomes binding and applicable on that date.
The GDPR imposes new obligations on organisations that control or process relevant personal data and introduces new rights and protections for EU data subjects.
The GDPR applies to data processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.
We understand and respect the importance of protecting data and staying up to date with the latest compliance responsibilities. NetPay already has PCI-DSS (level 1) compliance, which is the highest level of compliance and requires regular external auditing.
NetPay will be complying with the GDPR as a processor and controller of data.
We have developed a GDPR policy, which all employees have been trained to follow, and which will be reviewed regularly.
NetPay already has a strict regime with regard to the treatment of data, such as retention and shredding, in order to comply with the Data Protection Act.
No data is retained or obtained unless legitimately required to enable a service, comply with lawful requirements or to enable a payment to be made. All information obtained is treated with integrity and confidentiality at all times. This includes offline and electronically stored data.
Where relevant and related, we will be using all reasonable endeavours to ensure that our third parties and suppliers, including resellers, are complying with GDPR.
Our technology platforms, including Revolution, are regularly scrutinised and tested to check that their operation has the highest level of security.
We have appointed a Data Protection Officer, who should be contacted in the first instance if you suspect a breach has occurred or have any questions relating to our GDPR policy.