The General Data Protection Regulation (GDPR) applies to all organizations that handle data on EU citizens — regardless of where the organizations are based.
The GDPR was introduced to standardize the way data is stored and protected in EU member countries. This wide-ranging set of regulations also aims to give consumers more power over their own data.
Any data that can be used to identify an individual is regarded as private under the terms of the GDPR — including street addresses, IP addresses, shopping habits, images, email addresses and financial information.
Direct Commerce and its customers have an obligation to comply with the GDPR with regard to EU citizens. We have taken steps to ensure that our software solutions abide by all of these new data privacy requirements — whether it’s with regard to controller-processor relationships or the DCI users themselves.
We are fully committed to complying with all of the requirements detailed in GDPR and, while the GDPR is a complex and comprehensive document, we view our responsibilities in the following ways:
Retaining Accurate Records
The GDPR stipulates that data processors must present a full and accurate report of the data held on individuals when it is asked for. Failure to comply can result in significant fines.
Keeping Data Safe
All data processors must, under the terms of the GDPR, take the necessary measures to ensure an individual’s data is stored safely — and protected from loss, theft and fraud. DCI takes this matter very seriously by employing the use of stringent data protection processes.
Collecting Relevant Data
The GDPR stipulates that there must be a valid reason for the collection of personal data. Data processors need to demonstrate the reason for data collection.
Data Collection Consent
Crucially, express consent from individuals must be granted before their personal data can be collected and stored. This consent can be withdrawn at any time — a process for which there should be a very clear and transparent process.
At Direct Commerce, we are confident that all of the GDPR requirements are satisfied by our fully compliant supplier software solutions — keeping your operations compliant too. This is why we have appointed a data protection officer — responsible for monitoring compliance and the efficacy of our data protection measures.