It’s official! The European Union’s new privacy regulation, General Data Protection Regulation went into effect on the 25th of May. 365 Retail Markets has taken steps to ensure that your business is compliant and your customer’s privacy is protected. Here are a few things to note:
Changes That Affect Your Business
You should have received a Data Protection Impact Assessment last week, which will show you what 365 is doing to comply with all of the GDPR regulations. In addition, you also received an assessment form to complete to detail how you are using your customers’ data.
Changes That Affect Your Customers
- Upon logging into their account, either via the kiosk, 365Pay mobile app or My Market Account user portal, they’ll see a pop up notice of the change that they will have acknowledge that they read.
- Users can now send a request to the Data Protection Officer at firstname.lastname@example.org to invoke the rights mentioned below.
Customer Rights Under GDPR
Right of Access
Establish transparency in how you collect and process personal information. Copy of this data is to be provided free of charge by the controller.
Customers are to be informed of a data breach within 72 hours of breach discovery or without undue delay after the controller being made aware.
Right to Be Forgotten
If you do not agree with how your personal information is stored, processed, or shared, customers have the right to submit a request to the Data Protection Officer and have it erased.
As a note, once the Customer Name has been “forgotten” and any funds returned, reports within ADM will no longer show the customer information. However, transactions and monetary tracking will remain.
Submitting a request to the Controllers Data Protection Officer allows customers the right to their data and to transfer that data to another controller.
Privacy by Design
Technical and organizational measures must be effective in order to meet the requirements of this Regulation and protect the rights of customer.
Data Protection Officer
Employee whose job is to monitor Controllers compliance with GDPR. Doing so requires that all customer rights are met.
Ignoring GDPR is not an option for any company that handles personal data for citizens in the European Union. As cyber security becomes an increasingly larger concern in our society, taking these additional steps will help to protect your business and you customers’ data from theft.
If you have any questions or need assistance with the GDPR transition process, please contact us at email@example.com. We are here for you.”