Paying by credit card is very common nowadays. That is why merchants need a credit card processing merchant account that serves as the payment gateway for receiving card payments. Data is required to process every credit card transaction, and there are different data levels for a credit card transaction.
The General Data Protection Regulation (GDPR), which was adopted in 2016, became effective on May 25, 2018, and is sure to have worldwide implications. GDPR is a regulation established by the European Parliament and Council to protect how the personal information of data subjects, or EU customers, is gathered and processed. It empowers EU customers to control their personal data by giving them the right to have their data erased.
So who will be affected by the implementation of GDPR, and how?
The personal data identified includes the name of the person, credit card number used, location data, IP addresses, user-generated content from social media, or any online identifier of the person.
GDPR is set to replace the EU Data Directive, which can now be considered inadequate to deal with current challenges because it was established in 1995, during the early days of the internet. The new legislation establishes guidelines on how companies must handle customer privacy, store data securely, and respond properly to security breaches. It offers a unified standard across Europe so that companies do not have to worry about dealing with different country regulations. GDPR also addresses the processing of data of EU citizens that are not based in the EU.
Certainly, GDPR will affect online credit card processing. Merchants must strictly follow the set rules and policies.
1. Data subjects can request full transparency and full access to the data generated from them. They may ask how long the data will be processed. When requested, merchants must comply within one month or coordinate with the EU customer and explain why the request cannot be fulfilled.
2. An EU customer can request that his personal data be erased from data processing. This can be done provided that the following conditions are met.
3. There will be restrictions on how personal data are processed; consent must be given by the data subject.
4. All data processed should be provided in a machine-readable format when requested and should also be transferable.
5. Personal data must be secured during data processing and must meet the following criteria to be considered secure.
The purpose of the data processing must be specified and consent must be provided for each one. Chargeback processing is not significantly affected and can still be considered lawful provided that it meets at least one of the following conditions.
EU countries are still in the process of introducing more specific provisions related to GDPR, and it is advisable to wait and review these provisions together with each country's data regulation. GDPR is simply an evolution of the regulations put in place to protect consumer privacy, and it standardizes existing best practices across multiple countries. It provides more consistent, clearer guidance and less cross-border confusion for merchants among EU countries, and it also helps non-EU businesses identify how EU law matches their own country's law.
To find out about iPayTotal's merchant services for a credit card processing merchant account, speak with a live representative directly at +44 800 776 5988 or get in touch with us through our website.