GDPR compliance advice

GDPR – concerning Direct Debit payments.

Data Protection Changes coming via GDPR.
On 28th May 2018, the Data Protection Act is being updated by European legislation known as the General Data Protection Regulation (GDPR). It essentially governs the permission, storage and use of personal data.

The GDPR applies to any organisation that conducts business within the EU and, as we are still part of the EU, this applies to all legal entities from this May. Brexit may change the legislation, but until then we feel it is safer to comply with this directive now.

This document discusses GDPR in terms of Direct Debit payment collection only, but the full scope is much wider than this as it relates to any personal information held by a company.

TERMINOLOGY

Data Controllers
These will usually be the public-facing entities that data subjects supply their information to. This will be the point at which you collect a customer’s personal details in relation to setting up a Direct Debit. You may collect details on paper, over the phone or online, and store them in your own CRM and billing systems as well as entering them into an online Direct Debit system.

Data Processors
The organisation which processes personal data on behalf of the data controller.
