DAC7 Guide
David Hansson

Time to read – * min

DAC7: 5 Lessons Learned From GDPR (UPDATED: July 2023)

In 1st January 2023, a new law affecting digital platforms came into play. So far, here are the lessons we learned from GDPR.

Do you remember what it was like when GDPR was enacted? Companies had to redo their processes on how they treat data. Although the intentions were good, it wasn’t without some hiccups.

In 1st January 2023, a new law affecting digital platforms came into play, which will have to be reported by 31st January 2024 - DAC7. However, you don’t need to panic, as we’ve prepared some tips to help your business stay compliant when implementing DAC7 in your organization.

Although GDPR sounds like a basic concept, its execution has left many organizations rethinking the way they operate to stay compliant. As new laws are implemented, companies have to adapt too. 

In this blog post we will dive into the different lessons that GDPR has taught us that we should remember when preparing to become DAC7 compliant. If your digital platform is affected by the new DAC7 Directive, you also can’t overlook complying with GDPR.

Now that DAC7 is active, you might need to update your privacy policy to reflect the new changes. So far, here are some lessons learned from GDPR:

1. Prepare and implement your processes and systems in time

You need to prepare and establish processes that help your platform stay compliant. For most organizations, these new rules mean new challenges since they also have to collect new data that may previously have been overlooked as they were irrelevant to their business. To get things right it is important to do an oversight of different systems and how they work today to understand what needs to be added, removed or rationalized.

Having this understanding and some time for implementation means that you can test and improve the efficiency of the processes and systems on beforehand. Maybe you don’t need to muddle with more administrative work when you can automate the process through a trusted third party. You don’t need to start from scratch when there are solutions you can use. Having the time allows you to efficiently find solutions and overcome the problems imposed by the new requirements.

2. Continuously increase and update the knowledge base

When GDPR came into effect, there was a lot of fear, primarily due to the lack of information regarding the requirements and obligations. However, over time, businesses have grown to understand the role of GDPR, including the best way to stay compliant.

Have in mind that the actual interpretation of the law is determined over time e.g. through court cases. And it's important to regularly update and refine the processes to adjust for changes.

To avoid your users panicking, invest more in the knowledge base. If you already have resources, you must ensure they are updated to reflect the new changes. That way, your platform users can easily comply without making a fuss.

3. Avoid not meeting deadlines or requirements

Failure to comply with GDPR attracts sanctions and fines that may disrupt your platform’s operation. So far, the most significant GDPR fine is the Amazon GDPR fine - a whopping £636m. The fine proved how costly it can be not to meet the requirements and deadlines.

DAC7, on the other hand, is not without some serious penalties. They may vary on each EU member state, but they must be carried out ‘effectively, proportionate, and dissuasive.’ 

For example, in the Netherlands, reportable platform operators can be fined a maximum penalty of €900,000. They even risk criminal prosecution for failing to comply with the new directive.

4. Document your processes and decisions

For example, under DAC7, you’re asked to report the seller’s data, such as full name, address, and perhaps earnings. When doing that, it’s essential to document your decisions and processes, while also collecting and verifying only relevant information.

When you start early, you avoid the mistakes that come with the last-minute rush. While DAC7 forces companies to collect, verify and report certain data, GDPR urges you to protect your users’ fundamental rights and freedoms, particularly their right to protection of their data.

Please note that the data requirements that need to be handled may vary from country to country and are also prone to modification. Therefore, ensure you’re updated with the latest requirements to make informed decisions and stay compliant.

5. You don’t need to reinvent the wheel

There are a lot of skilled organizations that are ready to assist in all aspects of compliance, be it GDPR or DAC7. You don’t need to reinvent the wheel when solutions are already available. That way you save yourself the headaches and money of inventing something new.

If you should take away one valuable lesson from this piece, it is that you don’t need to meddle with any boring stuff. You don’t need to overcomplicate your processes either when there are solutions capable of handling the process. Start by taking our test to see if your business will be affected by DAC7.

Take A Test

Ready to start using Gigapay?