BackIntroduction to B3

GDPR and B3

The General Data Protection Regulation (GDPR) requires B3 to make the following changes to its platform and internal privacy program:

  • Reorganize the privacy team, and document and keep records of certain privacy-related decisions made by B3 so that B3 is accountable for its privacy practices.

  • Make sure that B3 is able to honor the rights of European merchants and customers over their personal data, and that when using B3's services, merchants are able to do the same.

What has B3 done to prepare for the GDPR?

Policies and documentation

  • Updated B3's privacy policy to include more information about the rights extended by the GDPR, as well as more detailed information about how B3 processes personal data, as required by Articles 13 and 14 of the GDPR.
  • Implemented a detailed procedure to deal with data subject access requests, deletion requests, and government access requests.

Product features

  • Updated the privacy policy generator to include some of the information merchants will need to include in their privacy policies, as required by Articles 13 and 14 of the GDPR.

Corporate governance

  • Appointed an experienced Data Protection Officer to oversee B3's data protection program and GDPR implementation plan.
  • Prepared a registry of our data processing activities, as required by Article 30 of the GDPR.
  • Implemented a Data Protection Impact Assessment process, as required by Articles 35 and 91 of the GDPR.