Welcome to Swiss Vans GDPR
Please use this as a guide
Re: COMPLIANCE WITH THE GENERAL DATA PROTECTION REGULATION
On May 25th 2018, the most comprehensive change to privacy legislation ever undertaken, the EU General Data Protection Regulation, takes effect. The new regulation will affect all EU-based merchants, as well as global merchants that market and sell to individuals, aka “data subjects,” who are located in the EU.
As such, we wanted to share our point of view on GDPR and provide transparency concerning the changes Swiss Vans is making so that both our sales process and our handling of your customers' data remain transparent.
Ultimately, GDPR compliance is the responsibility of every business that sells in the EU — regardless of where it is based. BigCommerce has been preparing for GDPR for the last year; however, we suggest that every BigCommerce customer consult legal experts and any third-party vendors (including apps in the BC app marketplace) that may touch customer data to ensure they have sufficient privacy controls in place in advance of the May 25, 2018 deadline.
Who is affected by this new law?
The new regulation will affect all EU-based merchants, as well as global merchants that market and sell to individuals, aka “data subjects,” who are located in the EU.
What are the possible consequences of non-compliance?
One of the major changes introduced by the GDPR, which replaces the Data Protection Directive, is the addition of fines for non-compliance. These financial penalties can be quite severe. Fines are divided into two categories:
- Violations relating to Data Subject rights, or core tenets of the GDPR, and
- Violations to the supporting tenets.
A violation of the core tenets can receive a fine of up to €20 million or 4% of global revenue, whichever is higher, while a violation of the supporting tenets can receive a fine of up to half of that amount.
Additionally, the fines do not prevent civil action from being taken by the affected Data Subjects, nor is a fine the only avenue of action available to the Data Protection Authority (DPA).
Data Subject. The individual about whom information is being processed, such as the employee of a company or the customer of a retail or online store.
Data Protection Authority. The official body that ensures compliance with the data protection laws and investigates alleged breaches of laws and provisions.
Data Controller. An entity that controls the use of personal data by determining the purposes for its use and the manner in which the data will be processed.
Data Processor. An individual or organisation that processes data on behalf of the data controller. A data controller can also be a data processor.
Appoint a Data Protection Leader
Appointing a single employee to lead your data protection efforts is a great first step, and may even be required under Article 37 of the EU GDPR.
A Data Protection Leader is an individual within your organization designated to ensure compliance with regulatory requirements. Appointing a Data Protection Leader now will provide you clarity moving forward concerning critical data privacy functions, such as who will accept and carry out Data Subject Access Requests, as well as who will work with Data Protection Authorities if a Data Privacy Breach ever occurs.
Manage the compliance of your vendors
If you transfer personal data to vendors (and you do: Swiss Vans is one of your vendors), those third parties need to be as compliant as you are. You have an obligation to use only vendors that can provide sufficient guarantees of compliance with the GDPR.
At Swiss Vans, we are working hard to meet and exceed the privacy standards required by the GDPR. While all our servers are located in the US, we are participants in the EU-US Privacy Shield Framework.
Create an Inventory of your Data Processing Activities
Under the GDPR, every business is responsible for knowing how data is collected, processed, and disseminated by their organization. As such, it is advisable to document these activities.
This guidance is intended to help you document processes related to data management through Swiss Vans; however, data processing outside of the platform should also be documented.
Update your privacy notice: be transparent and specific
Once you have documented how your business is processing personal data, the GDPR specifies that you must be transparent about it to your customers.
Protecting personal data
Personal data is at the core of the GDPR. The regulation includes specific requirements regarding how businesses must protect the personal data they collect and use.
At Swiss Vans, our security team is fully committed to ensuring that the data that passes through our platform is protected at every stage. Additionally, as a component of our ongoing commitment to data security.