As GDPR launches today, Brent Crider illustrates the requirements for the regulation and how it impacts organizations processing cross-border payments. Vendors managing payroll or freelancer payouts enterprises must be extra vigilant about GDPR compliance, as they store a wealth of personally identifiable information that accompanies such payment types.
On May 25, the EU’s General Data Protection Regulation (GDPR) will radically alter the cross-border payments landscape. The mandate has vast and sweeping compliance implications affecting how global financial institutions process and move data across borders, including data attached to capital transactions. The scale of this impact is compounded further by directives to give consumers more power and control over how their information is stored and protected at organizations.
Cross-border payment providers that help companies manage international transactions must adapt their service to these jurisdictional changes around data security, both for themselves and as a watchdog for their clients. GDPR requires thorough reviews of providers’ data protection management systems and clients’ territorial scope, not to mention the rollout of new privacy policies and the appointment of a Data Protection Officer.
What are the requirements of GDPR?
GDPR’s application to European citizens’ personal data, regardless of which jurisdiction the company operates in (e.g. in the US), demands extensive research into how effective compliance is maintained when transacting between different territories.
Under the regulation, consumers must provide explicit consent for companies to hold, process, and retain their personal information. This includes, but is not limited to, protection from unauthorized or unlawful processing, accidental loss, or damage. GDPR’s provisions also introduce the concept of ‘data transferability,’ which gives clients the right to receive their personal data on-request.
Vendors that manage payroll or freelancer payouts for their enterprise clients must be particularly vigilant about GDPR compliance, given the wealth of personally identifiable information that accompanies these types of payment. Human resources and payments professionals who process employee salaries manage sensitive details, including Social Security numbers, bank account numbers, addresses, phone numbers, and other tax information.
Not only do cross-border payment service providers need to familiarize themselves with the nuances of GDPR for their clients’ protection, they must evaluate their own compliance capabilities as well. Under the new directive controllers and processors are both learning that they are not exempt from GDPR enforcement. What remains up for debate, however, is the correct preparation process for this unprecedented regulatory change.