7. Online payments and payment processing: how to comply with GDPR rules
If you have an e-commerce website, as many of our clients do (thanks to the excellent Trading Online Voucher Scheme*; more information on the scheme here), then you are more than likely going to be using a payment gateway, whether it be PayPal, Stripe, WooCommerce, etc. Your own website will more than likely be collecting personal data before passing the details on to the payment gateway.
If this is the case, which it probably is, your website will be storing personal data after the information has gone through to the payment processor. You will need to change your web processes to remove any personal data after a 'reasonable period', for example, 60 days. GDPR legislation is not explicit about the exact number of days; it is your own judgement as to what can be defended as 'reasonable and necessary'.
Over the next few months we will see this clarified through the European courts in the various nation states.
In next month's blog we will look at third-party tracking software (such as Google Analytics) and how it fits with GDPR rules.
*The Local Enterprise Office will fund up to 50% of the cost.