To put it simply, GDPR stands for General Data Protection Regulation, a new law passed by the EU all the way back in 2016 but only coming into effect this May (hence the e-mails notifying you of it). The regulation bills itself as “the most important change in data privacy regulation in 20 years”, and it definitely deserves that title. Under the GDPR, companies serving EU clients can no longer just take whatever data they like, then store or sell it any way they want. Under Article 25 of the GDPR, a company must only ever obtain the bare minimum of user data (with e-mail, phone number, address, health record, even your name all falling under that definition) required to adequately fulfill the service that it provides.
For example, if you sign up for a website that requires your phone number and that’s not something required for, say, logging in or 2-step verification, that website is legally prohibited from storing it and must erase it, alongside all irrelevant data it’s collected on you. While tighter controls over personal data collection are GDPR’s main goal, the regulation helps consumers in smaller ways too, such as requiring companies to notify affected clients within 72 hours in case of a data breach that may have compromised their information. If a company refuses, it will be subject to strict warnings and fines from the EU itself.
What do we do?
With all that in mind, a good question is: does this affect myPOS at all? The short answer is yes, absolutely! As a financial institution, myPOS is required by law to collect a bit more information than most. If you’ve chosen to work with us, you may remember having to provide us with things like receipts, records of expenses and other pieces of information. In accordance with the GDPR, we will not store any personal data you provide us with (for example, information on a receipt) that’s irrelevant to our inquiries; we only store information that is either necessary for our business relationship or mandated by a different regulation. Furthermore, at myPOS we are fully GDPR-compliant, and we even have a Data Protection Officer who makes sure this is always the case.
myPOS has always made sure to preserve its clients’ privacy and to delete all personal data soon after it has served its purpose. While our intentions to continue doing so haven’t changed one bit, and wouldn’t have changed even if the GDPR hadn’t come into effect, the fact that the EU is now closely monitoring how we and other companies serving the European market handle personal data is a big win for the average consumer. So you can rest assured your personal data is safe with us.