GDPR: what e-commerce businesses need to know
The General Data Protection Regulation (GDPR) is a new European Union (EU) regulation coming into force on May 25. It will affect all companies operating within the EU, as well as those located outside the territory but with customers within its borders—which means it could impact your e-commerce business.
While the GDPR will require a review of how you currently process personal data, there’s no need to panic. Here’s a handy breakdown of what the GDPR is, how it will affect your business and what you need to do to prepare.
What does the GDPR mean exactly?
The EU revised its data protection regulations around how companies collect, use and share personal data. From May 25 onwards, customer data collection of any sort must be opt-in only, stored securely, used only with the customer’s consent and be made available at their request.
It should also be kept only for as long as necessary and not transferred to any region outside the European Economic Area, unless that country ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data, and be erased on request. Basically, people will have the right to be forgotten.
What is “personal data”?
Personal data can be anything from emails, photos and social media posts to IP addresses, bank details or any other customer information that makes it possible to identify an individual, either directly or indirectly.
Who does it apply to?
All companies, businesses and organizations collecting and processing the personal data of EU residents.
What does it mean for me and my e-commerce business?
You’ll need to review all your methods of collection, processing and storage of personal data and implement changes such as double opt-ins as necessary.
All consent must be explicit, meaning that implied consent or a disclaimer in fine print is no longer adequate, and you must be able to prove what the customer has consented to.
You should also review any companies that collect data on your behalf (think: courier services or shipping companies) to ensure they are compliant. Failure to do so could incur fines of up to €20 million or 4 percent of annual turnover from the previous year, whichever is greater.
It’s worth pointing out that the purpose of GDPR is not to make it more difficult for you to sell, market or perform any of your business’ basic functions. It’s to give consumers greater control over who collects and processes their personal data, what it’s used for and how it’s kept safe.
But my business is not based in Europe. Does it still affect me?
Regardless of your location, you need to be compliant with the new rules if you collect and process the personal data of anyone residing in the EU, even if you have no physical presence there.
Since you have an e-commerce store, chances are you have European customers, or will have at some point. Brexit will make this even more complex, so it’s best to start sorting things out now.
What do I have to do?
Start by reviewing your existing data collection processes. The good news is that while the GDPR is a new rule, it builds on existing regulations. So you’re off to a good start if you are already compliant with those.
Remember, the GDPR requires you to request consent from customers before collecting their personal data (by way of offering them a checkbox that must be selected; don’t use pre-ticked boxes) and it must be clear from the get-go if you plan to use their information for other marketing purposes.
Ask a lawyer or GDPR specialist for advice if you’re unsure of what’s legally required of your business.
Bigger companies will need to appoint a Data Protection Officer to ensure compliance and it’s worth checking out that any customer relationship marketing software (CRMs) or other platforms you use to capture data are compliant, too. Remember, it’s your responsibility to comply with the new regulations.
If you’re looking for more information, check out the Data Protection Commissioner’s guide for organizations and businesses, which includes a 12-step plan to prepare, and keep an eye on the developing guidelines.
Sell more with a connected e-commerce platform
Sign up for a 14-day trial today. No credit card needed.