GDPR compliance

Understand the General Data Protection Regulation and FastSpring's compliance status.

The EU General Data Protection Regulation (GDPR) establishes a comprehensive framework for the management and protection of the personal data of EU residents.

This regulation applies to all companies that process or hold personal data of customers residing in the EU, regardless of the company's location. If your company sells to EU residents, your store must be GDPR compliant.

Important: FastSpring is fully GDPR-compliant. However, your company may have additional obligations under GDPR, for which FastSpring cannot provide legal advice.

The sections below explain who is affected by GDPR, what constitutes personal data, and how FastSpring maintains compliance.

Who does the GDPR affect?

GDPR compliance applies to organizations within the EU as well as to organizations outside the EU that sell to or collect data from EU residents. Requirements vary by company depending on its size, the types of data it processes, and its current security measures.

Under the GDPR, businesses are required to:

  • Obtain explicit consent to access EU-based residents' personally identifiable information (PII).
  • Notify customers in the event of a hack or data breach.
  • Appoint a dedicated data protection officer (DPO).

Penalties: Businesses found to be noncompliant may be subject to significant fines.

Understanding personal data

Personal data is any information about a person (the data subject) that can be used to identify them, directly or indirectly.

Common examples include, but are not limited to:

  • Name
  • Photos
  • Email addresses
  • Bank information
  • Medical information
  • IP addresses
  • Posts on social media

FastSpring compliance

FastSpring is fully compliant with the EU General Data Protection Regulation; our platform can conduct business with all EU-based consumers.

FastSpring also complies with the EU-U.S. Data Privacy Framework (DPF) regarding the collection, use, and retention of personal information from the European Union.

Compliance relationship diagram

The diagram below illustrates the relationships among FastSpring, Sellers, and Buyers from a GDPR perspective.