
FAQ

Frequently asked questions

General

Is the Import One-Stop Shop (IOSS) mandatory?


No, you don’t have to register for IOSS, but the question should really be: why wouldn’t you? The benefits include improved cash flow from taking VAT at checkout, a single EU VAT registration, less red tape, cheaper shipping costs, no surcharges, faster shipping, brand protection, etc.




Can I use IOSS for goods over 150 EUR in value?


No, IOSS is specifically designed for goods under 150 EUR in value. However, if your goods are over this amount, there are other options available to you to ensure seamless EU trading, including setting up a Dutch entity, warehousing your stock in the Netherlands and fulfilling from there. Ask info@euify.eu for further details.




I only send a couple of packages per week to the EU. Is IOSS worth it?


The first question here is how you are sending the packages. DDP? If so, your DDP costs could be e.g. 9 x 14 GBP per month, approximately the same price as the EUify-IOSS flat rate for up to 500 packages, not to mention the numerous benefits of IOSS over DDP (customs clearance etc.). Also, why not use this as an opportunity to grow your business in Europe, the 550 million market on your doorstep?




How long does it take to get my IOSS number?


Your IOSS number is essentially a VAT number in the selected country, in our case the Netherlands. The IOSS registration with the Dutch tax authorities can take around 4-6 weeks, so the quicker you register for IOSS, the quicker you can reduce costs and speed up deliveries.





GDPR

What is the GDPR?


The GDPR requires organizations to implement “appropriate technical and organizational measures” to secure personal data and provides a short list of options for doing so, including encryption. In many cases, encryption is the most feasible method of securing personal data. For instance, if you regularly send emails within your organization that contain personal information, it may be more efficient to use an encrypted email service than to anonymize the information each time.




Who must comply with the GDPR?


Any organization that processes the personal data of people in the EU must comply with the GDPR. “Processing” is a broad term that covers just about anything you can do with data: collection, storage, transmission, analysis, etc. “Personal data” is any information that relates to a person, such as names, email addresses, IP addresses, eye color, political affiliation, and so on. Even if an organization is not connected to the EU itself, if it processes the personal data of people in the EU (via tracking on its website, for instance), it must comply. The GDPR is also not limited to for-profit companies.




What are the GDPR fines?


The GDPR allows the data protection authorities in each country to issue sanctions and fines to organizations they find in violation. The maximum penalty is €20 million or 4% of global revenue, whichever is higher. Data protection authorities can also issue sanctions, such as bans on data processing or public reprimands.




How do I comply with the GDPR?


Organizations can comply with the GDPR by implementing technical and operational safeguards to protect the personal data they control. The first step is to conduct a GDPR assessment to determine what personal data they control, where it is located, and how it is secured. They must also adhere to the privacy principles outlined in the GDPR, such as obtaining consent and ensuring data portability. They may also be required to appoint a Data Protection Officer and update their privacy notice, among other organizational measures.




What is a Data Protection Officer?


A Data Protection Officer (DPO) is an employee within your organization who is responsible for understanding the GDPR and ensuring your organization’s compliance. The DPO is the main point of contact for the data protection authority. Typically, the DPO has knowledge of both information technology and law.




Does the GDPR require encryption?


The GDPR requires organizations to implement “appropriate technical and organizational measures” to secure personal data and provides a short list of options for doing so, including encryption. In many cases, encryption is the most feasible method of securing personal data. For instance, if you regularly send emails within your organization that contain personal information, it may be more efficient to use an encrypted email service than to anonymize the information each time.