Welcome to WebmasterWorld Guest from 52.91.176.251

Forum Moderators: webwork

Message Too Old, No Replies

GDPR and payments

     
9:55 am on Apr 27, 2018 (gmt 0)

Preferred Member

Top Contributors Of The Month

joined:Mar 25, 2018
posts:500
votes: 101


The European Payments Council has published an infographic setting out the main ways in which the GDPR) will affect payments and service providers.

[europeanpaymentscouncil.eu...]
1:49 am on Apr 28, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 891


My PSP is has issued a notice of compliance.
6:21 am on Apr 28, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 891


Effective Date: May 25, 2018 if you use PayPal as your PSP, PayPal insists you include this statement in your site's Privacy Policy:
All PayPalŪ transactions are subject to the PayPal Privacy Policy.
I link the text "PayPal Privacy Policy" to the PayPal Privacy Policy page: [paypal.com...]
8:33 am on May 3, 2018 (gmt 0)

Junior Member from GB 

10+ Year Member Top Contributors Of The Month

joined:May 24, 2006
posts: 89
votes: 5


I sell (memberships to my website) using Paypal and Stripe to take payments.

As I understand it, PSPs are entitled to process personal data "to ensure the performance of a contract", as long as data is

* processed legally and appropriately and with a clear view of how the information will be used;
* collected for specified, explicit and legitimate purposes;
* relevant and limited to the respective purposes;
* accurate and kept up to date;
* retained for no longer than is necessary for the relevant purposes;
* only processed if kept appropriately secure.

As Paypal and Stripe will be regarded as Processors I need to

i) ensure that they are complying with GDPR
ii) have a written contract with each of them setting out obligations etc

Stripe has a comprehensive page on GDPR and states that they are working to comply and update contracts:
[stripe.com...]

I've searched Paypal and find no statement of GDPR compliance as yet, but after much searching I found this, which also takes effect on 25th May and seems to embody GDPR without actually mentioning GDPR!

[paypal.com...]

There is also the update to the Privacy Policy to take effect on 25th May mentioned above.

I guess I will just have to hope that both Stripe and Paypal will come up with some means of getting a "written contract" before 25th May.
8:45 am on May 3, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 891


I've searched Paypal and find no statement of GDPR compliance as yet
The link I gave above is it. What's in effect now is their old privacy statement. This new one goes into effect on May 25 and I assume will overwrite the current one.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members