France’s data protection authority, the CNIL, released updated guidance on payment card data gathered via a remote transaction. The CNIL advises companies to reconsider their payment card systems with the EU General Data Protection Regulation in effect. The DPA offers recommendations for what payment card data a company should hold onto in a remote transaction and the retention periods for various types of transactions. Should a merchant wish to hold onto customers’ card data beyond a transaction to facilitate future purchases, they must actively gain user consent by means such as a checkbox on a webpage. (Original article is in French.)