The General Data Protection Regulation and Klarna

By Anna-Sofia Prevell

As you know Klarna cares deeply about privacy and data protection and welcomes the General Data Protection Regulation, the GDPR. As a consequence we started our work with the new EU data protection law – the GDPR – already in 2016. Even though the GDPR comes with some stricter requirements, a lot of things remain the same. The GDPR also makes it a bit easier to do business across different EU countries.

We currently have a dedicated GDPR readiness project that will run up until and through May 2018. The project is run by a project manager and all parts of the organization has designated resources to the project. Klarna’s Global Privacy Office, consisting of five committed privacy lawyers, also support the project with legal analysis and to drive implementation of data protection throughout Klarna. Data Protection, privacy and consumer trust will continue to be one of our core values now and in the future, from management level down to the nuts and bolts.

A frequently asked question is whether or not the merchant and Klarna need to enter into a Data Processing Agreement. As the merchant and Klarna only process personal data for their own respective purposes, and not on behalf of the other part, there is no need for a Data Processing Agreement. This could be called dual controllership, not to be misinterpreted as joint controllership.

We are aware of the fact that many merchants have similar on-going GDPR-projects and might have questions regarding the interaction with Klarna. For this reason, or any other reason, you can always contact us and discuss data protection or privacy related issues or concerns. If you want to know more you can also check out this GDPR fact sheet put together by the European Commission.