Disclaimer: We encourage you to seek legal advice and review the GDPR yourself, as it’s ultimately your responsibility to ensure you are compliant with the GDPR. This post should not be taken as legal advice.
The European Union General Data Protection Regulation (the GDPR) contains new data protection requirements that will impact how businesses process and handle data. It comes into effect from 25 May 2018.
Australian businesses of any size may need to comply if they have an establishment in the EU, if they offer goods and services in the EU, or if they monitor the behaviour of citizens of the EU.
Australian businesses need to determine whether they need to comply with GDPR, and if so, take steps to ensure their personal data handling practices comply with the GDPR.
This may include adjusting how you collect data—GDPR requires you to clearly request consent when collecting data.
The GDPR requires every business to allow any EU citizen whose personal data the business stores to:
Neto can both give merchants this data and anonymise it on request. The merchant needs to make this request to Neto. In the event of a request, we will provide the merchant with the requested data.
Keep in mind that when shoppers make these requests, they are not just talking about the data that Neto hosts. You will need to review all places where you store personal data, such as any analytics tools you may use or any third-party integrations.
Again, it is your responsibility to ensure you are compliant. Neto cannot provide additional advice on acquiring or anonymising data from external parties.
We take our responsibilities under the new GDPR legislation seriously. That's why we have undertaken a program of work to assess what effort is needed to be compliant with GDPR.
Here is a quick summary of the work we have done:
This post was updated on 24 May 2018 to reflect the availability of the relevant tweak documentation.