What is GDPR Compliance?
Our Commitment Towards GDPR
Our customers' right to privacy is a main priority for 2Checkout and because of this, compliance with and to international law and regulations are core values. Our focus is to process payments securely and efficiently whilst adhering to the latest changes and updates within the payments industry and EU regulations.
Our commitment: 2Checkout will be GDPR compliant by May 25th
How are We Preparing for GDPR?
Establishing the Governance Structure
- Build the GDPR compliance initiative with a dedicated focus group
- Appoint a Data Protection Officer (DPO) in an independent role
- Conduct an assessment on product and business impact
- Initiate the internal Privacy and Security Awareness program
- Conduct Data Protection Impact Assessment (DPIA) [Internal]
- Conduct Data Protection Impact Assessment [External]
Updating Policies and Procedures
- Data protection policy
- Data retention policy
- Information security policy
- Data breach and incident response plan
- Risk management framework to assess and manage threats across the organization that also takes into account personal data
- Embedding of personal data protection requirements within contracts and agreements with third-party service providers and merchants
Embedding and Implementing Data Privacy into Operations
- Conduct a data mapping inventory and analysis of data in our systems
- Establish procedures and policies to restrict processing of personal data
- Set up automatic mechanisms to automatically track the flow of personal data within and outside our systems
- Set up privacy dashboard for shoppers
We are committed to transparency, control and accountability. For any questions regarding GDPR please forward your inquiries to firstname.lastname@example.org.
On May 25th 2Checkout will be GDPR compliant. Please note that for the data you collect outside of our systems - 2Checkout or Avangate Platforms - you must be GDPR compliant as well.
We will keep you informed on the GDPR compliance process.
GDPR Compliance FAQs
Is personal data processed outside EU countries? If so on what legal basis and where outside of the EU?
If you sell to European citizens or European residents you will need to make sure that both you and all your partners (that have access to private data) are GDPR compliant starting May 25th. The great news is that at least one of your partners already is: 2Checkout (formerly Avangate).
Please note that for the data you collect outside of our systems − 2Checkout or Avangate Platforms − you must be GDPR compliant as well. The information in this mail does not provide legal advice and should not be used as such for in depth knowledge adapted to your business we recommend you consult with the appropriate legal counsel.