The deadline for the GDPR, the General Data Protection Regulation, has come upon us. On May 25th, the most comprehensive data privacy law in the world went into effect. This new privacy law will affect any business, large or small, that may interact with individuals in the European Union. With e-commerce making it incredibly easy to do business with anyone regardless of location, it could directly affect your store.
GDPR gives individuals specific rights to access, correct, delete or restrict processing of their data. It also specifies strict guidelines about how to gain permission or consent to use the customer’s data. In addition, it specifies the definition of personal data, which can be found with all the other details on ICO.org.
As stated in the proposal, the GDPR has three goals:
- Reinforce data protection rights for individuals.
- Facilitate the free flow of personal data in the digital market.
- Reduce administrative burden.
Because there is no certain way to determine the location of individuals online, it would be beneficial for all e-commerce business owners to become GDPR compliant. If you are not already interacting with an EU market, being compliant is a great way to build that business. Another important reason for compliance is that if you do sell or market to anyone in the EU without being in compliance, the fines can be up to 20 million euros (currently $23.5 million USD). Considering the cost of the fine, the cost of compliance is minimal.
How can I make my e-commerce business compliant?
A key factor of compliance will be in data collection and storage; therefore, consider the tips below:
- Enable the ability to quickly access records containing personal information so that you can supply, modify or delete it.
- Create a system to track the exact use of data and where it is distributed.
- Obtain and record statements of consent for joining the mailing list or tracking cookies.
- Put a system in place to alert potentially affected individuals of a breach of their data within 72 hours.
- Discontinue the pre-population of consent forms.
- Appoint a data protection officer to oversee the systems and monitor compliance.
- Notify all customers and potential customers of your GDPR compliance by stating it in the Terms and Conditions page and the footer of emails.
For most e-commerce businesses, the most cost-effective approach is to bring your practices into compliance, as opposed to trying to identify any EU customers and treat them differently. The burden of proof will lie with the business owner, so, in effect, it is better to be safe than sorry. On the bright side, at this time, the GDPR is not treating small businesses as strictly as larger corporations. For example, certain record-keeping requirements only pertain to companies with more than 250 employees.
Are the tools I’m using to help run my business compliant?
The majority of e-commerce businesses are utilizing additional software to assist with sales and marketing. As the business owner, you will want to ensure that the software you are utilizing is also in compliance.
As one of the largest providers, Google has gone to great lengths to reassure e-commerce store owners that it will be completely GDPR compliant by the deadline. A comment from Google stated:
“We are working hard to prepare for the EU’s General Data Protection Regulation (GDPR)…. We are committed to complying with the new legislation and will collaborate with partners throughout this process.”
Another widely used software product, Mailchimp, is also heavily invested in GDPR compliance. With all of the attention surrounding the privacy law, verifying the compliance of any company you are working with is as easy as a Google search.
In conclusion, there is a drastic change coming in the area of privacy laws. It’s safe to say this could be a huge turning point worldwide for how e-commerce business owners manage personal data. The goal of the tips provided is to ensure you are ready.