GDPR Compliance Statement
2Checkout will be GDPR compliant by May 25th
Our customers' right to privacy is a main priority for 2Checkout and because of this, compliance with and to international law and regulations are core values. Our focus is to process payments securely and efficiently whilst adhering to the latest changes and updates within the payments industry and EU regulations.
Establishing the Governance Structure
- Build the GDPR compliance initiative with a dedicated focus group
- Appoint a Data Protection Officer (DPO) in an independent role
- Conduct an assessment on product and business impact
- Initiate the internal Privacy and Security Awareness program
- Conduct Data Protection Impact Assessment (DPIA) [Internal]
- Conduct Data Protection Impact Assessment [External]
Updating Policies and Procedures
- Data protection policy
- Data retention policy
- Information security policy
- Data breach and incident response plan
- Risk management framework to assess and manage threats across the organization that also takes into account personal data
- Embedding of personal data protection requirements within contracts and agreements with third-party service providers and merchants
Embedding and Implementing Data Privacy into Operations
- Conduct a data mapping inventory and analysis of data in our systems
- Establish procedures and policies to restrict processing of personal data
- Set up automatic mechanisms to automatically track the flow of personal data within and outside our systems
- Set up privacy dashboard for shoppers
We are committed to transparency, control and accountability. For any questions regarding GDPR please forward your inquiries to firstname.lastname@example.org.
On May 25th 2Checkout will be GDPR compliant. Please note that for the data you collect outside of our systems - 2Checkout or Avangate Platforms - you must be GDPR compliant as well.
We will keep you informed on the GDPR compliance process.