Here at SimplyPayMe we understand the importance of security and staying up to date with our compliance responsibilities in order to best protect all the businesses around the UK using SimplyPayMe to run their business. Our CFO and Data Protection Officer, Angela Swift, has put together a short summary of what GDPR is and how we are preparing for when it becomes enforceable on May 25th, 2018. We will also be writing a separate article on how you can prepare as a small business or sole trader so you don’t risk getting a hefty fine from the EU.
What is GDPR?
The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and is designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens' data privacy and to reshape the way organisations across the region approach data privacy.
SimplyPayMe believes GDPR is therefore an opportunity to ensure stronger data protection and privacy for the benefit of all. As a Controller of users’ personal data, SimplyPayMe is committed to data security and respecting the users’ rights under the GDPR.
What steps is SimplyPayMe App taking?
SimplyPayMe will be implementing further technical and organisational measures and is committed to ensuring that our platform is GDPR-compliant when the regulation becomes enforceable on May 25, 2018.
A Data Protection Officer has been appointed and all staff are receiving GDPR compliance training. All new products and extensions will be adopting Data Protection by Design principles with Product Impact Assessments within our development cycle. We are establishing processes for mapping all data, incorporating encryption, ensuring strictly limited data access and on-boarding 3rd Party Suppliers within a GDPR framework. With ownership of personal data key to GDPR, we will be facilitating user requests to delete, modify or transfer their data in a seamless way.
A set of Company GDPR Procedures and Policies will be put in place and circulated to all stakeholders.
We will be updating our Terms & Conditions and Privacy Statements to meet GDPR requirements.