CCAvenue

Fundamentally, almost every aspect of our lives revolve around data. From social media companies, to banks, retailers, and governments, almost every service we use involves the collection and analysis of our personal data, which may be stored by organizations. Data breaches inevitably happen. Information is lost, stolen or otherwise released into the hands of people who were never meant to see it - often having malicious intent. In a bid to address these data security concerns, the European Commission introduced General Data Protection Regulation (GDPR), a new EU-wide privacy and data protection law designed to give EU citizens more control over their personal data. The GDPR is also applicable to globally operating organizations that are involved in data processing activities.

What is GDPR?
The GDPR replaces the EU's current data protection legal framework from 1995 (commonly known as the "Data Protection Directive"). This directive allowed member states to interpret the rules as they saw fit when they turned it into local legislation. The nature of GDPR as a regulation, and not a directive, means it applies directly without needing to be turned into law.

The General Data Protection Regulation (GDPR) is a new set of rules designed to strengthen the basic privacy and data protection rights of European consumers also giving them more control over their personal data. It calls for a more granular privacy policy in an organization's systems, more nuanced data protection agreements, and more consumer-friendly, detailed disclosures about an organization's privacy and data protection practices. It aims to simplify the regulatory environment for business so both citizens and businesses can fully benefit from the digital economy. Unlike the Data Protection Directive, the GDPR is relevant to any globally operating company processing data activities with regard to EU individuals and not just those located in the EU.

Under the terms of GDPR, not only will organizations have to ensure that personal data is gathered legally and under strict conditions, but those who collect and manage it will be obliged to protect it from misuse and exploitation, as well as to respect the rights of data owners - or face penalties for not doing so.

CCAvenue and the GDPR
At CCAvenue, privacy, data protection, and data security have always held a position of paramount importance in everything we do. We are continuously working to raise the bar for ourselves in the security and data privacy realm, and view the GDPR as the most important change in data privacy regulation.

GDPR compliance is comprised of many elements. Among others, we have updated our documentation and agreements to align with GDPR requirements. We have also revised our internal policies and procedures to ensure that they adhere to the GDPR standards for data collection, storage and transfer. CCAvenue is GDPR compliant effective from May 25, 2018.