General Data Protection Regulation (GDPR)
On May 25, 2018, new data privacy regulations known as the General Data Protection Regulation (GDPR) go into effect in the European Union (EU). Here are some key pieces of information you should be aware of as a WineDirect client.
GDPR is a complicated regulation and there are many aspects that should be considered. Especially if you have a large number of EU customers or contacts, we encourage you to consult with a lawyer to ensure you are fully prepared and compliant. Please note that this page does not constitute legal advice; we have simply gathered the information for your reference.
For further guidance, the following regulators within the European Union have provided specific guidance on the GDPR:
As you evaluate what changes you might need to make to comply with GDPR, here are a few common issues you should consider:
Note that receipt and order tracking emails are considered transactional communications and are exempt from this requirement.
The GDPR gives individuals the right, in certain circumstances, to request a copy of their personal data that is being processed by a company. The GDPR requires that you provide your customers with a copy of their personal data in a common, easily readable, and portable format, so that they can use that data with a different service provider. This is covered in full in Article 20 of GDPR.
For WineDirect clients, all your customer data is accessible via the Admin Panel and can be easily exported to Excel via Reports. If you need help or have questions about accessing or exporting specific customer data, please contact support.
The GDPR gives individuals the right, in certain circumstances, to ask that their personal data be erased, or that a company restrict the processing of their personal data. This is covered in full in Article 17 of GDPR. If you receive such a request, please contact the support team or your Fulfillment Account Manager and we can help you do this.
GDPR stands for General Data Protection Regulation. It is the European Union’s new data privacy law and governs how companies use and process the personal data of European users. Additionally, it gives individuals specific rights over their personal data, including a right to access, correct, delete, and restrict processing of their data.
May 25, 2018
Yes. GDPR affects all businesses that use and process personal data of any European Union (EU) citizen. It does not matter where your business is physically located.
Personal data includes any piece of information that can be linked to an individual, such as name, email address and zip code. GDPR also considers information such as an IP address to be personal information. Click here for a full definition of what constitutes personal data under GDPR.
You can use Reports to extract your customers’ personal data from WineDirect, such as order history, credit card information, phone number and address.
If you have questions, or if a customer requests a data erasure, email firstname.lastname@example.org or contact your Fulfillment Account Manager and we’ll assist you in executing the request.
GDPR offers exceptions to erasure of customer data. You may find that information in Article 17 of GDPR. GDPR states that you are allowed to retain data on customers for the following reasons:
Based on the above, it is valid for you to retain customer sales information due to the compliance reporting requirements of various governments. Also, customer sales information is required by enforcement agencies in cases where fraud is suspected.
WineDirect is committed to maintaining the highest level of data security. We encrypt all data during transmission and we take reasonable measures to ensure our system is secure and non-breachable. Learn more about our security and PCI Compliance.
Data Processor and Data Controller are terms used in the GDPR. Data Controller refers to the party that determines how and for what purposes personal data is processed. Data Processor refers to the party that processes personal data on behalf of the Controller. In this case, the Data Controller is you (the winery) and the Data Processor is WineDirect.
Have another question about GDPR? Please email us at email@example.com or contact your Fulfillment Account Manager.