At the end of this month, the General Data Protection Regulation (GDPR) will come into effect. At Lightspeed, we have been working for some time to ensure our timely and complete compliance with this new standard. This article is designed to provide a brief update on progress and explain the action that has been taken. What are we doing? Why is this important for you? And what must you do to help us comply with the new regulation?
Supporting privacy protection
At Lightspeed, we take the protection of our customers’ privacy, and that of our customers’ customers, very seriously. We regard the GDPR as an essential development that will force all data processing companies to look critically at their processes. We believe the GDPR is an essential stage in ensuring that we all handle personal data responsibly, now and in the future.
Compliance with the new legislation
Our primary focus is to ensure that all Lightspeed products are designed in such a way that they comply with the GDPR for all our customers. We have also sent an email to all our customers asking them to sign a data processing agreement. It is necessary for both parties to sign the agreement to comply with the new legislation.
We have held a number of internal sessions to ensure that Lightspeed staff at all levels are aware of the changes to the law and that all their activities and product developments comply with the GDPR. We have built functions into our eCom product for processing requests that relate the rights of individuals. The right to information and the right to be forgotten are examples of this. Our customers can access this function and submit requests via our support portal. This enables us to provide the optimum assistance to our customers when processing such requests.
An overview of Lightspeed’s efforts:
- With effect from 25 May, our products and processes will comply with the GDPR. Even after this date, we will continue to monitor closely all developments which relate to the GDPR.
- We have sent a data processing agreement to all our customers. It is essential that we both sign it. However, bear in mind that we are unlikely to be the only people asking you to sign such an agreement before 25 May.
- In the event of a data breach, or if a security problem should arise in respect of any of our products, we will take action in accordance with GDPR standards and notify you immediately.
- Everyone has the right to request access to stored personal data or to submit a request to be forgotten by those who store such data. This also applies to Lightspeed. You can request your personal data from us or submit a request to be forgotten. If any of your customers submit such a request to you, we will help you to deal with it.
- We choose our service providers carefully and make sure that they comply with the GDPR, even if they operate outside the EU.
- One of the basic principles of the GDPR is that personal data should be stored only for as long as is necessary. This has our full support.
What do you have to do?
Responsibilities arising from these changes in the legislation lie with both parties. In addition to the adjustments to our products and processes, part of the responsibility also lies with you as a vendor. Listed below are the three most important aspects for which you, as a vendor, are responsible:
- Make sure that you have requested and obtained consent for the installation of cookies (for tracking and analytics) and for sending newsletters.
- Make sure that you have a signed data processing agreement with all data processors. That also includes Lightspeed. Please make sure that you sign the agreement promptly.
Implementation of the GDPR on 25th May does not mean that we will cease our endeavours to ensure that personal data is protected on our platforms. We will continue to monitor all future developments relating to the GDPR very closely.