The Green Sheet Online Edition

January 28, 2013  •  Issue 13:01:02

SMEs and important changes to the EU data protection act

By Bill Farmer

Editor's Note: This article was originally published by Business Computing World on Dec. 20, 2012. Reprinted with permission. - Mako Networks Ltd.; all rights reserved.

The European legislative changes planned for 2014 will unify data protection practices across the European Union, standardizing requirements around public disclosure and the penalties if a breach should occur at a business that has failed to adequately protect its data.

What's changing?

For all organizations that store or process payment card transactions, the significant change that 2014 will bring is reclassification of payment card information as personal data, and therefore it will be legally treated as such. This means businesses will have to ensure security and compliance processes are up to scratch to meet the mandated requirements and avoid legal action.

What will this mean for SMEs?

Small and midsize enterprises (SMEs) are no less susceptible to data breaches than larger organizations and are increasingly seen as easier pickings. They often lack the necessary resources, such as a dedicated data controller or security officer. This means that the role of managing data security is often foisted onto the business owner or delegated to an untrained employee.

Fortunately, the existing Payment Card Industry Data Security Standard (PCI DSS), a set of best practice security guidelines set up by the credit card companies, forms a good basis on which to protect both payment and nonpayment data if correctly implemented and continually enforced. There is, however, a counterpoint: a breach based upon a failure to correctly enforce the PCI DSS exposes a merchant to the risk of penalties under both regulatory regimes.

As it stands today, when data is lost or stolen it's only the government and the telecommunications industry that are required to formally declare a breach as having occurred. Once the EU regulation is in place, investigations by the relevant authorities will be standard across all sectors, as will the requirement to proactively notify victims and regulatory bodies alike.

If an organization fails to adequately protect data, fines are posited to cost a business 2 percent of global turnover, and the required forensic investigations are exceptionally disruptive for any organization. Organizations of all sizes have a responsibility to safeguard the personal information of their employees - something still frequently overlooked within the SME sector. A breach of employee data can have as dramatic an effect as losing customer data, since it can easily form the basis for identity theft.

What does 2014 have in store?

Looking ahead to next year, we would advise SMEs to get up to speed on security and prepare for further regulation in their longer-term business plan. The introduction of legislative changes surrounding data protection is a clear message that Europe's lawmakers are taking data protection seriously, and SMEs have no option but to find a way to implement appropriate processes or procedures or face the ignominy of a data breach.

Important factors to be considered now by SMEs are:

The essential measures needed for merchants to comply with the new European Union Data Protection Regulation of 2014 should be implemented now if SMEs want to truly protect their businesses.

What is the Data Protection Directive?

"Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data" (known as the Data Protection Directive) is a 1995 European Union directive that regulates the processing of personal data within the EU.

A critical part of EU privacy and human rights law, the directive is now in the process of being updated. "The protection of personal data is a fundamental right for all Europeans," said EU Justice Commissioner Viviane Reding. "A strong, clear and uniform legal framework will help unleash the potential of the Digital Single Market and foster economic growth, innovation and job creation in Europe."

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
