GDPR or the General Data Protection Regulation is a comprehensive new law that came into effect on May 25th, 2018 and applies to all companies that collect and process data belonging to European Union (EU) citizens, even, in some cases, if the business is conducted outside of the EU. This law is particularly important to American businesses that have an online retail website or an app that collects and processes the data of EU citizens.
Key areas of the GDPR law are privacy rights, data security, data control and governance. Luckily, the law is identical across all 28 EU member states, and the United Kingdom has confirmed that it will retain GDPR as a national law after Brexit. So you need to follow only one set of regulatory standards to ensure compliance.
How Should US Businesses Comply?
If your business accepts payment by credit or debit card, you must have a merchant account and a merchant account service provider in the US. Ensuring that you comply with the GDPR law is all about choosing a reputable merchant account service provider that complies with the EU-US Privacy Shield. By choosing a merchant account service provider that complies with all the requirements of the EU-US Privacy Shield, you will be able to continue doing business with customers who are EU citizens.
The Privacy Shield is voluntary in the USA, so it is up to you to ensure that your merchant account service provider has voluntarily committed to compliance and is certified annually per US law requirements. The merchant account service provider will also keep you updated on requirements that must be implemented on your website, if any, to ensure compliance. Compliance with the EU-US Privacy Shield affects information gathered on prospects and customers via your website, and this may require revisions of privacy and opt-in or opt-out policies on your site.
Being certified under the EU-US Privacy Shield will give your business a boost if you attract customers from Europe. But if your customers are based in the USA only, GDPR and the EU-US Privacy Shield have no impact on your legal compliance at this time.
What are the Benefits of Joining the EU-US Privacy Shield?
By voluntarily joining the Privacy Shield in the USA and agreeing to compliance, your business can freely trade with all European citizens without first having to confirm whether or not they are EU citizens. All EU requirements for prior approval of data transfers are automatically complied with, and you need not provide any further proof of compliance with respect to these credit card transactions. In other words, your business can trade without interruption.
Whether your online business trades with customers in Europe or not, joining the Privacy Shield makes sense because you never know what opportunities might present themselves in the future. Even for local customers, knowing that your business takes privacy rights, data security, data control and governance seriously can only be a positive move. The Privacy Shield offers your business some formal protection and is a useful tool for GDPR compliance. It is also cost-effective, particularly for small to medium-sized businesses.
For more information about GDPR and how it affects your business, or to open a merchant account, please call (888) 924-2743 or go to Charge.com.