The EU General Data Protection Regulation (GDPR) is designed to harmonize data privacy laws across Europe, to protect and empower the data privacy of all EU citizens and to reshape the way organizations across the region approach data privacy.
The GDPR takes effect on May 25, 2018 and here are helpful answers to some FAQs:
- What is GDPR?
- Who is affected by GDPR?
- As a Lightspeed Retailer, how do I comply with GDPR requests from customers and employees?
What is GDPR?
The GDPR is a new law that aims to give EU citizens more control over their data by regulating how businesses process personal data. In other words, GDPR governs anything businesses can do with personal data which includes viewing, storing, changing, transferring and even deleting personal data. Under GDPR, personal data is defined as any information related to a natural person (or "data subject") that can be used to directly or indirectly identify them. This includes information such as names, addresses, email addresses and phone numbers.
Who is affected by GDPR?
Lightspeed Restauranteurs established in the European Union and/or who process personal data from customers residing in the European Union.
What are Data Processing Agreements (DPAs) and why do I need to sign them?
As Lightspeed is helping Restauranteurs in the processing of personal data, we are required by law to enter into a Data Processing Agreement (DPA) with our GDPR-affected Restauranteurs. If you're a Restaurant established in the European Union, you should have received the DPA by email.
Signing the DPA is fully to your benefit as it creates specific rights for you in relation to Lightspeed’s processing activities. Also, it clearly describes all the obligations that Lightspeed has towards you. Once you've signed the DPA, it is effective immediately and is legally binding. If you haven't received the DPA from us yet, it's important that you reach out to firstname.lastname@example.org and sign it as soon as possible. This will ensure that you're compliant with the GDPR and avoid fines from the privacy authorities.
It's also important to note that Lightspeed shares its personal data with many integration partners. This allows them to pull the data they need to build their integrations and Lightspeed to offer the best business solution to its merchants. Because of the data-sharing nature of our partner integrations, GDPR-affected Restaurants that have integrated their Restaurant accounts also need to enter into a DPA with our partners.
To request a DPA and for more information, please contact our integration partners directly.
NOTE: All of our Lightspeed products support the above GDPR requests. For instructions specific to your Lightspeed product, please see their respective GDPR Help articles: