GDPR

General Data Protection Regulation (GDPR)

The European new privacy law known as the General Data Protection Regulation (GDPR) took effect on May 25, 2018. The regulation covers every country that can gain access to the EU nationals’ data. Which makes it not limited to European companies. With this law, it is said to cover every major country in the world notwithstanding the location.

People are given rights over their personal data. The GDPR provides the right to access multiple sets of data ranging from consumer data to correcting and deleting data under strict guidelines for users. Personal data under the GDPR are considered data that is attached to a particular individual.

Every business is expected to comply with the GDPR laws. It is advised to consult a legal professional. Some businesses are different with their laws so it might take some time to prepare to comply with the GDPR laws. In this article, all information needed to get an overview, requirements, and complete GDPR compliance will be illustrated.

Guidelines to prepare for the GDPR

It is important for all Acutrack merchants to comply with the rules and regulations of the GDPR if they are within the EU or are hoping to do business with EU customers. Data is information that can be used directly or indirectly, so it is solely your responsibility to comply with the GDPR requirements. In making this a success, Acutrack uses a unique system to process personal data effectively. We recommend the following;

Gather proper approval before collecting any data

Proper approval is necessary to get from each customer before processing any customer personal data. Always have a standby privacy policy that shows how the data you are collecting is to be processed and why you are gathering this data. Also, show your customers that they have exclusive rights to withdraw their consent.

Make sure that your customer agrees with your terms and condition before proceeding with anything you want to do with them. Professionally, it is impossible to place an order with establishing this fact.

Set a clear customer access to their data

It is expected that every customer has a copy of their data in a hardcopy and readable format. When you check the Acutrack control panel, you can access every customer’s data. Acutrack can always help with things such as; the information it keeps, and the provision of data. In doing this, always have in mind the access of third parties to your data.

Rights to customers deleting, editing, restricting data uses

Just by sending in a request to Acutrack, you can always get help to delete the personal data it stores. It is advised to store your data in an encrypted format with a maximum password length. With this format, even third-party access can still be protected by who and who doesn’t have access to your data.

Data Breach Notifications

As our merchant, you have all exclusive rights to control data while Acutrack processes data. If there is a breach of any kind on your website, you must report the customers that seem to be affected. It is important to send any notification within 72hours after the time of the breach. Two things should be done after experiencing a data breach.

• You notify data processors about the data
• You inform the data controllers about the data breach

Has Acutrack set a system to comply with the GDPR?

Acutrack has done and provided guidelines to comply with the GDPR. There are various ways Acutrack gathers information and processes data using the GDPR guidelines. These are done using the following ways;

• A data protection officer is assigned to cover the entire Acutrack data protection policy.
• We focus on strategy to deliver GDPR training to key personnel.
• We set out some procedures to deal with access requests to either government requests or delete requests.
• To provide adequate protection of personal data, Acutrack only works with sub-processors, and to make this work, a lot of technical and organizational measures are being adhered to.
• To secure our data breach issues, we set up a unique method to detect, report, and investigate any case of such.
• We have installed a unique recording process of data processing to help with the regular activities that are being handled.

Our vendors

• USPS
• FedEx
• UPS
• XERO
• Bill.com