GDPR & Subscription Businesses: Role of the Data Processor
In this webinar, we discuss GDPR and the role of the Data Processor. This is the legal entity which processes personal data on behalf of the controller, and understanding what such a role entails will guide you as you develop your subscription business. The webinar is presented by our team of GDPR experts:
- Lisa Jordan, Head of Legal
- Jay Payne, Head of Operations
- Callum Mannix, Product Owner
What You'll Learn in This Webinar
What It Does and Doesn't Apply To
GDPR applies to any company collecting PII data (personally identifiable information) for professional or commercial purposes aimed at B2B or B2C customers located in the EU, regardless of whether the products or services are linked to a payment or not. This includes companies based outside of the EU that actively sell to businesses or customers located within the EU, for instance, a business located in the US that provides goods or services in EU languages or EU currencies, or has company and customer references.
GDPR does not apply to identifiable information related to a business, a deceased person, anonymised data, or the processing of PII data by a natural person purely for the purpose of personal or household activity and therefore not connected to a professional or commercial activity.
Data Processors and Data Controllers Explained
A Data Processor is defined as a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
A Data Controller is defined as the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
During the course of this webinar, our experts will clearly explain the differences and what responsibilities lie with the Data Processor.
Compensation, Fines and Penalties
Infringements of certain GDPR provisions shall be subject to administrative fines of up to 20,000,000 EUR, or in the case of an undertaking, up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher.
If a processor (or controller) intentionally or negligently, for the same or linked processing operations, infringes several provisions of the GDPR, the total amount of the administrative fine shall not exceed the amount specified for the gravest infringement.
GDPR and eSuite
In MPP Global's position as a Data Processor powering the subscription business models of the world’s leading publishing, media and retail companies, we have evolved our platform to meet the stringent requirements of the new GDPR legislation.
eSuite has been PCI-DSS Level 1 compliant for many years, which gave a solid foundation for building out the environment for GDPR compliance. Our team of experts will take a closer look at the features that eSuite offers, which satisfy the role of a Data Processor.