
THE POTENTIALLY CATASTROPHIC EFFECT OF GDPR ON CLOUD MIGRATION – IF YOU HAVEN’T STARTED YET.

By Dr Gavin Scruby, CIO, SmartDebit

Certain industries have significant restrictions on the way they process data. Some of the most common are defence, health, credit card and government. When these organisations process data, they have to comply with industry-specific regulations, which benefits us all. What some companies have not yet realised is that everyone now operates under a similar kind of regulation. This is of course the General Data Protection Regulation, most commonly referred to as GDPR, which now governs data protection across the EU. The UK government intends to write GDPR into UK law and stay largely parallel with the EU, so the caveats here will probably apply even in the case of a no-deal Brexit. While many people know that the GDPR affects how they should protect data, the breadth of impact on the data controller-processor relationship is often missed, and this can have catastrophic effects on business flexibility, and particularly on cloud migration.


Before getting into the consequences of this and how they could be managed, it’s worth looking at what controllers and processors are, to see how they affect nearly everyone who offers a service over the internet. If you have a website and you integrate a card payment service, you are a data controller – you decide what data you collect from your customers (card details and postcode), why it is processed (to make a card payment) and who processes it (the card payment processing company). While you are the controller, the card company is your processor – it processes data from your customers to enable credit card payments to happen. This kind of relationship is more common than many people may think. In any situation where a company provides a personal-data processing service to another company, that service company becomes a processor. It could be an online CRM service, a bookings service, an online document storage service, even a paper document library (as GDPR applies to printed information too) – almost anything where the service provided stores or processes personal data for another organisation creates a controller-processor relationship.

The difficulty now is that GDPR puts a lot more restrictions on what a processor can do without the controller’s consent, largely because the controller now has many more obligations to check and control how data that it collects is used. This is only fair; if you are liable for data you’ve collected, you should have some say in what is done with it when you subcontract it to someone else.

A key restriction, and the one we consider here, is within the GDPR’s Article 28 Paragraph 2: “The processor shall not engage another processor without prior specific or general written authorisation of the controller. In the case of general written authorisation, the processor shall inform the controller of any intended changes concerning the addition or replacement of other processors, thereby giving the controller the opportunity to object to such changes.”

The simple language interpretation of this is that as a processor, you can’t change your data subcontractors without explicit permission from your controllers (i.e. customers) – and that means all of them. This is difficult enough if you want to change standard suppliers, but the often neglected consequence is that it can also affect where you locate core data and whether you migrate to the cloud. Even if you rent rack space in a data centre (co-location hosting) and the data centre never “sees” unencrypted data, this is still classed as a sub-processor by the law. Consequently, any move to another data centre, or a migration to cloud, is considered a change in sub-processor, which therefore requires permission from all customers.

In practice, this could be extremely limiting. You would not want to attempt to arrange written authorisation from every customer when you want or need to move to the cloud. If nothing else, it could push back migration timescales by years. The most you would want to do is inform customers, with perhaps an early termination clause if they had a significant issue. This is not how contracts are being drafted, and not how the ICO recommends they are drafted. Standard clauses will be created by the EU or ICO in time, but these are not yet available. The ICO recommends contract terms of the form: before employing a sub-processor, the original processor must inform the controller and obtain its prior specific or general written authorisation. It is possible to draft contracts to contain general written authorisation or include clauses to allow early termination or assumed acceptance on non-response, but you’ll need professional legal advice to make these enforceable and legal such that they do not violate the GDPR.

The result of the introduction of the GDPR now means you need to do two things: firstly, make sure your own contracts are drafted to ensure maximum flexibility for you but in compliance with the law; and secondly, read sub-processor clause amendments made by customers very carefully. Here you need to discuss your specific circumstances with your legal advisors or industry body. If you just migrate to cloud without customer consent, you could fall foul of GDPR sub-processor limitations, and many more organisations and individuals are getting knowledgeable on their rights.

Don’t panic though. The GDPR has thrown up many situations like this and it is still very new, in case law terms. The GDPR is not intended to work in such a way as to stop dead industry-wide cloud adoption. Everyone is finding their way on these rules right now and the ICO seems to be taking a “carrot” rather than “stick” approach for those companies who are genuinely trying to improve data protection but still operate their businesses competitively. In time, consensus guidance will be developed, but until that time, we all have to be more careful about what we sign and even more careful about the contracts we write.


THE ACCELERATION TOWARDS A MOBILE FIRST ECONOMY

By Brad Hyett, CEO at phos

Over the last year, we have seen a big shift towards contactless payments. Fuelling this has of course been the coronavirus pandemic, which has made the public hesitant to handle cash due to health concerns.

As multiple national lockdowns forced physical stores to close, and customers demanded easy, cash-free payment options, merchants had to quickly adapt. The result? An increased provision of pay and collect services.

In the UK alone, 83% of people use contactless payments according to data from the Office of National Statistics.

So it’s vital that merchants are equipped with the most efficient payment solutions, as the UK heads towards a mobile-first economy.

 

Proliferation of contactless payments

In 2020, 90% of UK card payments were contactless. This equates to an increase of 12% on the year prior, despite the total number of payments made falling by 11% from 2019 to 2020. Moreover, the affordability of smartphones has increased significantly over the last decade. And it’s estimated that 84% of UK adults now own one.

We’re seeing merchants embrace more efficient and cost-effective payment methods in response. While physical payment terminals are often too expensive for many small businesses, software point of sale, or SoftPoS, enables merchants to turn hardware that they already own – i.e. their mobile device – into a point of sale terminal.

With merchants increasingly adopting these innovative technologies, contactless payments will continue to gain popularity among the general public. In 2020, 13.7 million people in the UK either didn’t use cash at all or only used it to make a single purchase. That’s double the same figure from the previous year.

 

Changing consumer demand

Now more than ever, consumers are aware of how innovative payment solutions can add efficiency to their daily lives. As such, consumers now demand better payment services, including reduced queuing times, checkoutless stores, and bespoke loyalty schemes.

Businesses such as Mercedes offer an end-to-end digital car purchasing service, so customers can go through the whole car purchasing journey from the comfort of their own home. This includes car deliveries, financing, insurance and more.

Meanwhile, eCommerce giant Amazon has started trialling checkoutless ‘Go’ stores, speeding up the shopping experience by eliminating the queuing process altogether. The days of waiting for a table at a restaurant are also over, as more people have grown used to booking in advance.

Hence, it’s important that we empower small businesses to remain competitive and provide them with the payment solutions to meet customer demand.

 

Global transformations

The digital payments revolution isn’t slowing down anytime soon. By 2026, only 21 percent of transactions will be made using cash.

The US might have been slow out of the gate, but it’s starting to see increased adoption of mobile payments. In-store mobile payments grew by 29% in the States last year alone.

This growth was primarily fuelled by Gen Z-ers and millennials. Latest projections show that there will be 6 million new mobile wallet users by 2025, with millennials accounting for 4 million of this figure. These two generations, the former in particular, have grown up with mobile banking.

For most Gen Z-ers, their first foray into financial services was with a challenger bank like Starling or Monzo. These banks are able to offer online features such as ‘split the bill’, fee-free withdrawals abroad and much more to cater to the modern financial needs of the younger generation.

The Middle East experienced similarly sharp increases in contactless payments. From 2019 to 2020, there was a 200% growth in contactless transactions. This shift towards a mobile-first economy in the region was inevitable; the pandemic merely accelerated this shift. A recent study showed that 80% of people living in the Middle East planned to continue using contactless payments post-pandemic, with speed and security being the main draw.

 

The future is mobile

As parts of the world now start to come out of lockdown, there’s an openness to new solutions and a widespread acceptance of new technologies.

It is now a case of when, rather than if, we’ll see a permanent shift to cashless in the future. For businesses, embracing digital innovation will be key to remaining competitive and keeping pace with consumer demand in this fast-changing payments landscape.

 


HOW MERCHANTS CAN IMPROVE THE ONLINE PAYMENTS EXPERIENCE

By Alan Irwin, Senior Director of Product at Global Payments UK

The dramatic increase in online shopping over the past 18 months has encouraged many businesses to invest in developing their omnichannel shopping experiences. The reasons vary – some are keen to capitalise on the trend of older shoppers migrating towards ecommerce and some are trying to make up for loss of sales in brick-and-mortar stores during the pandemic. It is also true that many businesses are shifting their models to sell direct to consumers to avoid high marketplace fees and are therefore building their ecommerce channels for the first time.

The checkout experience is arguably the most important and delicate part of the ecommerce transaction, as it can make the difference between a happy customer likely to return, and a shopping cart abandoned out of frustration and confusion. A survey from March 2020 suggested that 88% of online shopping orders were abandoned, i.e. not converted into a purchase. A seamless, customer-centric online payment experience is therefore critically important in ensuring completed transactions. But with so many payment providers available, what should businesses be looking for when trying to keep friction to a minimum?

 

Keep clicks to a minimum

Less touchscreen interaction equals less abandonment. Adapting the payment page to fit any device and supporting popular mobile digital wallets like Google Pay ensures a seamless, stress- and hassle-free checkout experience for the customer and keeps clicks to a minimum. Friction can present itself in the most minor features – for example, when the customer is navigating the payment form, the appropriate keypad should be shown to the customer when required. It’s much easier to enter a card number using the dial pad instead of switching between QWERTY keypad layouts.

Simplifying online forms with autofill and tokenisation also significantly reduces friction at checkout and shortens the time taken. Ensuring checkout forms are tagged correctly for “autofill” is a great way to offer customers a single click to input the payment, shipping, and billing data that they have stored in their browser profile. Similarly, offering a guest checkout option will help convert customers who are in a hurry or looking for a one-off purchase. This can also be achieved by offering to store the payment details (called ‘tokenisation’) for express repeat and one-click purchases.

 

Make it easy to understand

A tailored payments approach can increase both domestic and international global sales. By offering a checkout experience in the customer’s language, the option to pay in their currency of choice, and use their preferred method of payment (whether it’s PayPal, Alipay or card), businesses can build loyalty quickly and put customers at ease. It is equally important for merchants to ensure they always display simple direction and information about next steps to instil confidence and prevent customer drop-off. The customer should be informed of what is happening at every stage in the process, for example, whether they will proceed to SCA (Secure Customer Authentication) next or go straight through to completion.

In addition, validating forms in real-time means merchants can highlight potential errors to the customer early on, and payment providers should provide this functionality. This could be an invalid expiry date, an incorrect digit in the card number or incorrect CVV number based on card type. When issues are only flagged at the end of the process, this forces the customer to go back through the steps to figure out the error. Real-time signposting of problems removes this potential friction and reduces the potential for a declined transaction.

 

Ensure seamless security

Merchants should work with a payment partner who offers the right blend of security and compliance management without it coming at a cost to the end-to-end checkout experience for the user. Instilling trust and security in your checkout flow while utilising the right solutions to drive seamless authentication flows will increase customer confidence and help prevent drop-off.

The greatest level of security and control comes from either utilising hosted payment fields that the merchant can natively integrate into their checkout flow, or a hosted payment page where they can manage the look and feel. Showcasing your brand on the checkout page with trust signals and logos also adds to building trust with the customer.

Staying ahead of regulations is also important. Secure Customer Authentication (SCA) will soon be mandatory in the UK for all eligible digital transactions, and this doesn’t have to be a high-friction process. Tools like Transaction Risk Analysis (TRA) and Exemption Optimisation Service (EOS) can quickly score transactions and drive exemptions where there is the right blend of transaction risk.

 

The devil is in the details

These three rules for successful ecommerce checkout experiences may seem straightforward, but it is important to apply them at a micro level. It can take only one minor point of friction to cause a customer to abandon their cart, and this will inevitably be replicated across other similar customers. It is critical to identify friction points early on and anticipate customer needs throughout the process. Discussing these points and any opportunities to improve customer checkout experience with your ecommerce team and payment provider is an important first step towards ensuring your entire shopping experience remains competitively seamless and loyalty is won. It may be that your payment provider cannot address them, in which case it could be time to move on in order to stay competitive.

 
