24 March 2021
Since 25 May 2018, businesses collecting and processing personal data online have had to abide by the General Data Protection Regulation (GDPR). If you are based in the European Union or have clients who are, you need to comply with this regulation. Aiming to standardise European legislation and consolidate user rights, the GDPR directly affects marketplaces. How can you make sure you’re following the rules? Here are our tips.
First name, surname, email address, IP address, bank details, phone numbers… Under the GDPR, any collected and/or stored information that identifies an individual is deemed to be personal data. This European law aims to guarantee more citizen rights when it comes to personal data:
Appraising existing data processing, creating a register of processing activities, undertaking a privacy impact assessment (PIA), introducing a security framework, safeguarding contractual relationships with partners, appointing a Data Protection Officer (DPO)… To abide by the GDPR, you need to introduce certain processes to reinforce the duties and responsibilities of all data processing stakeholders. And it’s important to take these rules seriously. Fail to comply with the GDPR, and a company could be fined up to 20 million euros or 4% of its global turnover.
Marketplaces have to process personal data in order to facilitate transactions between buyers and sellers. To abide by the GDPR, marketplace operators should first make sure they get consent from users to process their personal data. A simple and unequivocal phrase should be used. You must tell users which types of data are collected and the reasons why, explaining what it will be used for. Marketplace operators should also be able to prove that informed consent has been given freely, so no pre-ticked boxes are allowed. Good practice:
Also ensure your business ecosystem is secure. At the very least, marketplace operators are responsible for jointly processing personal data with third-party services on the platform. Given that the GDPR has made stakeholders more responsible, you need to make sure your subcontractors are following its rules.
Also ensure your platform payment service provider (PSP) is abiding by it. Lemonway is a pan-European payment business that has introduced all the measures required to comply with the GDPR and its interpretations in each nation of the European Union. GDPR, PSD2, AML/CFT… Partnering with businesses to ensure conformity, Lemonway is at the forefront of legislative compliance. Contact us to learn more!