Some years, April showers bring May flowers. This year, they’ve brought May compliance deadlines.
Last week, it was FinCEN’s new beneficial ownership rules. Now, the General Data Protection Regulation (GDPR) – the new set of European data privacy standards – goes into effect next week.
This broad set of rules affects companies doing business with European citizens. It strengthens and aligns data privacy rules across the European Union’s member countries.
Normally a new set of privacy rules might be somewhat obscure, known mostly to businesses’ compliance teams. But GDPR is receiving wider mainstream attention on the heels of data privacy concerns swirling around companies such as Facebook.
Tim Buckingham told PaymentFacilitator earlier this year that GDPR will likely affect payment facilitators across three areas. Buckingham is co-founder of Payment Services Consulting, a U.K. firm that provides legal, compliance and risk advice to the payments industry.
Many PFs handle personal data associated with their employees and submerchants and as part of processing transactions, he said.
Compliance for PFs operating in Europe will include updating forms and contracts to be sure they are obtaining proper consent. It will also include developing an understanding of where any personal data is stored and making sure they are able to delete it upon request, Buckingham said.
Larger PFs with dedicated data protection staff may be handling the responsibilities in-house, but smaller PFs may have had to rely on outside help from consulting companies to help them understand their responsibilities and implement recommendations.
Regardless of where the expertise comes from, this is a responsibility that is requiring some investment, Buckingham said.
“I think we’ve set the bar higher in Europe, so that anyone who contracts with a European entity is probably going to have to spend a bit of money to get their service up to speed,” he said.
The European Commission has a web site dedicated to the regulation, with guidance documents to help businesses prepare.