The site you requested may not be relevant in your area.

Tuesday, March 27, 2018

General Data Protection Regulation (GDPR) – what you need to know about the new EU data protection law

You may have heard about GDPR cropping up quite a bit in conversation or have come across it on the social channels which you use. You may know all about it already which is great, or you may not be sure what it’s really all about.

Help is at hand, this quick summary will give you an overview of the main changes GDPR will introduce and help you better understand what it will mean for you.

What is GDPR?


GDPR is the new EU data protection regulation which replaces the existing EU Data Protection Directive from 25 May 2018.

It will regulate the privacy and handling of the personal data of individuals in the European Union (EU) and offer greater protection by giving them more control over how personal data can be collected, stored and used.

This includes allowing individuals to have easier access to the information companies hold about them, a clear responsibility for organisation to obtain the consent of individuals they collect information about and a new regime of fines.

Why is it happening?


GDPR is being introduced to address concerns over data protection in today’s digital landscape. A lot has changed since the existing data protection laws and regulations were created in the 1990s.

Fundamentally, almost every aspect of our lives revolves around data. As we increasingly process vast amounts of digital information each day, the existing data protection laws and regulations created in the 1990s that govern our personal information are no longer fit for purpose. The GDPR therefore aims to harmonise regulation across Europe to reflect today’s data exchange landscape.

Who does it concern?


The GDPR will apply to an organisation or person that handles any personal data of people living in the EU. This means that companies and individuals based outside the EU that sell goods and services to individuals living in the EU will also need to comply with the new law.

What about Brexit?


The UK government has signalled its intention to implement the GDPR fully to ensure there is no interruption in the free flow of data between the UK and the EU after Brexit. This means that from May 2018 and for the foreseeable future the GDPR will apply to any UK business that processes data from individuals in the EU.

What is Elavon doing?

At Elavon, we recognise that the security of personal data of our customers is critical and compliance with GDPR is a matter of priority.


We already have a data protection and privacy program in place which is designed to identify and mitigate risk to the safety of personal data, and be compliant with the data protection and privacy regulations in the countries in which we operate.


We have been undertaking a programme of work to assess our readiness for the GDPR.  This has involved mapping current compliance levels against those mandated by the GDPR, and taking action to address identified gaps as follows:

  •  Appointed a Data Protection Officer based in Ireland who is our primary point of contact for data protection related issues and is leading the GDPR programme.
  • Established a project team to evaluate our current processes, policies and standards with the goal of being compliant with GDPR and national implementing legislation. This includes an examination of operational practices, employee training and third party risk.  
  • Our customer Terms of Service (ToS) has been updated to incorporate references to GDPR and also reflect changes based on the implementation of the EU Payment Services Directive (PSD) 2.
  • A “Privacy Notice” section has been added to our Application form for new customers outlining the rules on personal data processing not related to transaction processing.
  • Elavon will continue to comply with data protection and GDPR standards by providing the option to unsubscribe from all our promotional emails which will then trigger a Do Not Promote flag on our system. However, we will still contact you for issues relating to your contract or card scheme changes which may impact your account.


What do I need to do next?


You do not need to take any action and your Elavon Terms of Service has been updated to incorporate changes to GDPR (see Section 17 Data Protection), effective from 23 May 2018.


(Sole Trader, or Partnership with 3 or less Partners)

Elavon Terms of Service UK (CCA)


(All other Customers)

Elavon Terms of Service UK (Non-CCA)

Privacy Notice

Privacy Notice

GDPR guide

For more information on GDPR and find out how Elavon can help you please see GDPR guide.

GDPR Guide Brochure UK



Back To Latest News