The European Union’s General Data Protection Regulation (GDPR) came into effect on May 25, 2018. The GDPR imposes new obligations and responsibilities on controllers and processors of data.
As a marketplace admin, you are generally the controller of your suppliers and customers’ data. This means that you collect their data and choose how it is handled. Additionally, though it is a European regulation, the GDPR might apply to your business if your suppliers make goods and services available in Europe, even if you or your business are not located in Europe.
As a processor for your users’ data, IdyaFlow follows your instructions on how to handle that data. For more information about the roles of data controller and processor, please review the Compliance sections of this page.
IdyaFlow believes strongly in protecting your users’ personal data as well as your own, and understands that doing so is critical to help you preserve the trust and confidence of your users. IdyaFlow has designed its platform to allow suppliers to operate anywhere in the world. GDPR-compliant features are built into IdyaFlow’ platform, including features to enable you to offer your users transparency into and control over their personal data, and technical measures to ensure that your users’ personal data is protected as it crosses borders.
While IdyaFlow does what it can to set you up for success, there are also steps you will need to take on your own, and ultimately, compliance with the GDPR is the responsibility of each supplier. If you have legal questions specific to your obligations under the GDPR, then please consult with a local lawyer who is familiar with data protections laws.