GDPR Compliance Information for DPD

The European Union’s General Data Protection Regulation (GDPR) will come into effect on May 25, 2018. This regulation changes how companies use and process the personal data of European users, including vendors outside of the EU that sell to EU buyers.

DPD is working toward being compliant with this new EU law and we will be compliant by May 25, 2018.

What has DPD already done to comply with the GDPR?

1. Appointed a Data Protection Officer to oversee our data protection program.
2. Added a Data Processing Addendum to our Terms and Conditions of Service, as required by Article 28 of the GDPR.
3. Implemented a Data Protection Impact Assessment process, as required by Articles 35 and 91 of the GDPR.
4. Reviewed our contractual arrangements with sub-processors to ensure that they are required to protect personal data.
5. Conducted GDPR-focused training to key teams and personnel.
6. We have updated our Privacy Policy and Acceptable Use Policy to be legally compliant and easier to understand.

What other changes will DPD implement to be compliant with the GDPR?

1. Adding functionality to anonymize buyer information for past purchases if requested (“right to be forgotten” requirement)
2. Adding functionality for vendors to explicitly ask for opt-in to marketing communications during checkout (“ask for consent” requirement)
3. Expanding our existing data export options to include all buyer information if requested (“Provide portability of the data collected” requirement)

Privacy Shield Registration

Additionally, DPD has applied for Privacy Shield registration and self-certification with the US Department of Commerce to aid vendors in their compliance efforts. We will post an update when this process is complete.

We will be posting further updates as the new features are released.