GDPR Is a new set of European regulations that came into effect on May 25th, 2018. These regulations aim to strengthen the security and protection of personal data gathered from EU citizens, even by companies outside of the EU - like Spreedly.
There are three components to GDPR that we want to make you aware of as we move towards the effective date and beyond:
Additionally, there is an aspect of our interaction with this new regulation that should be called out:
One unique and critical dynamic is our role as a pass through for transaction processing. The majority of our customers typically use Spreedly as a means to send transactions to third party API end points. The benefit of Spreedly is that today there are nearly 300 supported end points, with more added all the time and switching or adding end points is seamless and within your control.
After consulting with industry and legal experts, we want to highlight that with that control comes the responsibility, or if you’re a platform/marketplace then it is your merchant’s responsibility, to ensure that the end points you interact with are also GDPR compliant. The burden here should be low given the general need already exists to have a commercial relationship with end points you pass data to for transacting. Working with them to add GDPR certification should be one more element to your overall relationship.
Put simply, if you only use Spreedly to store and tokenize data then our GDPR compliance should suffice. If you also use our platform to direct transactions against end points you’ve contracted with, you need to work with them to ensure they too handle data in a GDPR compliant manner. If you are a platform that uses Spreedly to allow your customers to direct transactions on your platform via us, then you need to inform them to ensure they have an agreement with that end point, in addition to yours, for end to end GDPR compliance.
Spreedly is GDPR compliant effective May 25th 2018, and will maintain GDPR compliance for all the processors and sub processors in our technology stack where we decide on your behalf how data will be processed.
Contact Us and we'll get your questions answered.