The GDPR replaces the 1995 Data Protection Directive. It significantly strengthens a number of rights for individuals (for example, the right to demand that companies reveal or delete their personal data). The penalty for non-compliance is a maximum fine of €20m or 4% of the company's global turnover, whichever is higher.
It applies to any business that processes personally identifiable information (PII) of data subjects inside the European Union. PII is information that can be used to identify, contact, or locate a single person, or to identify an individual in context (reference), such as their email address or full name.
Here are some of the steps we've taken:
Strong Customer Authentication (SCA) is a European regulatory requirement intended to reduce fraud and increase the security of online payments. SCA should only affect you if you have customers in the EU and the business bank account connected to Stripe is also based in the EU.
We have implemented the 3D Secure 2 authentication method via Stripe, along with handling for the various exemptions. For your customers it adds another step to authenticate an online transaction. Here are more details from Stripe about the changes to their API that we help you comply with.
If you have any questions about our security, GDPR, or SCA compliance please get in touch via email at [email protected].