PayFit and the GDPR
The European General Data Protection Regulation (GDPR) takes effect on 25 May 2018. This important piece of regulation entails new obligations for companies such as PayFit which process personal data. GDPR also establishes new rights for the people whose data is being processed, in particular the right to be forgotten and the right to data portability.
PayFit has already taken all the necessary measures to be GDPR compliant, and therefore offers its services within a secure and clear legal framework. Since the beginning of its activities, PayFit's main focus has been the protection of personal data, and the application of GDPR provides an opportunity to strengthen this protection for the benefit of PayFit's customers and, ultimately, the people whose data is processed.
Among the measures implemented by PayFit to ensure GDPR compliance:
- the establishment of a clear contractual framework, in which the obligations and responsibilities of PayFit and its customers with regard to the collection and processing of personal data are precisely defined.
  It should be noted that, as part of the services offered to its customers, PayFit acts as a subcontractor for them. It is therefore also the responsibility of the latter to ensure that their operations comply with GDPR, in particular with regard to the collection of personal data which is then transmitted to PayFit;
- the creation by PayFit of a register of processing operations, identifying and updating all processing operations carried out on the personal data transmitted to it;
- the implementation of a procedure to secure personal data and reduce the risk of a data breach as far as possible, and the implementation of a CNIL (Commission nationale de l'informatique et des libertés) information protocol in the event of such a breach;
- the appointment of a Data Protection Officer (DPO), who is responsible for ensuring internal compliance with PayFit's data protection policy and acting as an interface with the CNIL.