The EU General Data Privacy Regulation (GDPR) was adopted in 2016 and went into effect on May 25, 2018. The GDPR is a framework regulation that is designed to provide a uniform regime to protect the privacy of an individual of the European Union (“data subject”) whose personal data is collected, stored, or processed.

The GDPR is extremely broad in scope. Accepting or processing payments may be classified as the collection and processing of personal data under the GDPR. As such, any company involved in processing payments from consumers should take steps to determine whether they or any of their business partners are collecting, storing, or processing personal information of a data subject.
Continue Reading GDPR Applicability to U.S. Merchants, Processors and Acquirers