An introduction to GDPR
The General Data Protection Regulation (GDPR) is a European Union regulation that governs how the personal data of EU citizens is collected, used and processed. It will be enforced from 25 May 2018.
Despite being an EU-based law, the GDPR will affect companies globally. If your business is based within the EU, or you have customers based in the EU, you will need to be GDPR compliant. For more information on the GDPR, click here.
GDPR & LoyaltyLion
LoyaltyLion Ltd. started preparing for GDPR back in June 2017, well in advance of the May 2018 deadline.
LoyaltyLion Ltd. is referred to as a Data Processor within the GDPR legislation. Our responsibilities, therefore, pertain to that role. You can read more about these responsibilities in this article written by our GDPR lawyer.
LoyaltyLion Ltd. has already carried out the following GDPR-recommended activities:
- Maintaining high standards of record keeping
- Registering with the ICO
- Employing a Data Protection Officer
- Training all employees on how to handle personal information
- Storing data within the EU
- Keeping records of people’s personal information up to date and for no longer than necessary
- Putting measures in place to keep the personal data we hold safe and secure
- Putting processes in place so we can respond to requests for personal information we hold
- Working with suppliers to help them adhere to GDPR regulations
It is important to note that the definition of what it takes to be GDPR compliant has not yet been finalised and will continue to evolve. LoyaltyLion Ltd. will continue to update and refresh our data handling and processing practices to maintain high standards.
Data processed by LoyaltyLion
The Personal Data we process for your customers includes:
- Phone Number
- IP Address
- Date of Birth
The Non-Personal Data we process for your customers includes:
- Transactional Data
- Account Creation Date
This data is shared via your ecommerce platform (e.g. Shopify, Magento or Bigcommerce).
When a merchant subscribes to LoyaltyLion, we receive the following data from the merchant:
- Account holder name
- Account holder email
- Company address
- Company telephone number
The Right to access and/or erasure
Under the GDPR, customers have several rights when it comes to accessing the data that you collect, use and process. It is likely that you will come across customers who are interested in pursuing their Right to Access their personal data or their Right to be Forgotten (‘Erasure’). These requests can be made verbally or in writing, and must be responded to within one month.
As LoyaltyLion is a Data Processor, our customer data is acquired via your ecommerce platform. To erase customer data from LoyaltyLion, please contact us at firstname.lastname@example.org
We’ve included the following resources for more information on GDPR and how you can prepare for the new legislation.
- The complete GDPR legislation
- ICO - Guide to the GDPR
- ICO - Data protection self assessment
- LoyaltyLion blog - The GDPR is coming
- Shopify - GDPR and you
Please note that this guide and any resources are not legal advice, and are for informational purposes only. Please consult your legal counsel for specifics on how GDPR affects your business.