As of May 25, 2018, the GDPR became enforceable. It affects business worldwide and has had a permanent impact on compliance and due diligence.
What does GDPR mean? And how does GDPR affect global debt collection?
What Does GDPR Mean?
GDPR is the abbreviation of “General Data Protection Regulation”. GDPR is a regulation that requires businesses to protect the personal data and privacy of citizens of the European Economic Area (EEA) for transactions that take placewithin the EEAmember states, as well as the transfer of personal data outside the EEA. The EEA includes all countries of the European Union plus Iceland, Liechtenstein and Norway.
The GDPR contains provisions and requirements related to the processing of personal data of individuals. Any company that stores or processes personal information about EEA citizens must comply with the GDPR, even if they do not have a business presence in any of the EEA member states.
The specific criteria for companies required to comply are:
- Companies that have apresence in an EEAcountry;
- Companies without apresence in the EEA, but whichprocesses personal data of residentsof EEA members;
- Companies with more than 250 employees;
- Companies with lessthan 250 employees but whosedata-processing impacts the rights and freedoms of data subjects.
In reality, this means that the GDPR covers almost all companies that process personal data of individuals being citizens or residents of any of the EEA members.
How Does GDPR Impact International Debt Collection?
Debt collection agency typically process information, in order to provide their debt collection services. This is especially the case for debt collection agencies dedicated to B2C collections, but it may also cover B2B collections, if the data that is processed contains personal information of individuals.
It impacts international debt collection, if there is a transfer of data from a creditor to a(n) (international) debt collection agency, or from one debt collection agency to another (foreign one), and if the data is related to an individual being a citizen or a resident of any of the EEA members, or if in any other way a collection agency is collecting a cross border claim with personal data of a citizen or a resident of any of the EEA members involved.
Stay Compliant: Having A GDPR Policy In Place
The so called “data controllers”and “data processors”of personal data must put in place appropriate technical and organizational measures to implement the data protection principles. That also goes for debt collection agencies active in international debt collection, whereby the creditor or the sending debt collection agency is the “data controller” and the receiving debt collection agency the “data processor.
The GDPR basically definesseven key principles, to be taken into account by companies when putting together a protocol for processing personal data of EEA residents:lawfulness, fairness and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality; and accountability.
The GDPR protects the following information, and technical and organizational protocols should take them into account to build the appropriate GDPR-proof protection mechanisms:
- Basic identity information such as nameand last name, address and ID info;
- Web data such as location, IP address and cookie data;
- Health and genetic data;
- Biometric data;
- Racial or ethnic data;
- Political opinions;
- S$xual orientation.
The General Data Protection Regulation(GDPR) requires businesses to protect the personal data and privacy of citizens of the European Economic Area (EEA). The GDPR impact international debt collection, since there is a transfer of personal data from the creditor or a local debt collection agency, to another (foreign) debt collection agency. It is important for the international debt collection agency to be compliant and to have a GDPR policy in place.
If you want to know more about international debt collectionin general, and debt collection in Latin America and the Caribbean in particular, please reach out to Cobroamericas, on Linked-In or follow us on Twitter.
To participate in conversations about debt collection in Latin America please join the Linked-In Group Debt Collection Latin America.