Only a few hours away until the General Data Protection Regulation principles will come into force. This means that you still have a short amount of time to check the GDPR compliance of your ecommerce business with all the EU’s requirements.
In this post, we will try to provide in a nutshell the most necessary information about the looming legislation on controlling and processing personal data of your users. As well as to include useful links where you can examine how GDPR works in detail. You will also find a short GDPR checklist at the bottom of this post that can possibly help you avoid huge fines after 25th May 2018.
In 2010, the European Commission set out a strategy to strengthen EU data protection rules and revise the EU’s 1995 Data Protection Directive and the 1998 UK Data Protection Act that are both now outdated.
They had conducted a survey among EU citizens which emerged that, 61% of users are anxious about their personal information privacy ecommerce websites hold, and more than half of their concerns (55%) were about fraud when shopping online.
According to the survey, 75% of respondents would like to be able to request and delete their personal information online whenever they want. And over 90% of people wanted to have the same data protection rights across Europe.
During 6 years, the European Commission had been elaborating the principles of user data protection and efficient methods of their implementation into the worldwide Internet. And finally, in 2016, GDPR passed by the EU parliament. Let us consider these principles generally.
In the law, the term ‘personal data’ is defined as ‘any information relating to a living, identified or identifiable natural person.’ These principles apply to all public authorities which hold and track data of any EU citizen.
Therefore, GDPR concerns you if:
It does not matter if your ecommerce website was built using WordPress, Magento, WooCommerce or Joomla, or you have developed the site in your own CMS. GDPR is only about your users and the security of their personal data.
What is ‘Personal data’ under GDPR:
GDPR principles have generated a lot of buzz because of the large fines for non-compliance. The largest fine can be up to 20,000,000 EUR, or up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher. This is why a majority of large companies decided to spend more than million dollars on GDPR compliance.
But you should remember that every situation is unique, so the size of a fine will be estimated on the one-to-one basis.
Generally, there are two main reasons your retail company can be fined: a mass leak of personal data and violation of sensitive personal data.
This is a must-have step you should start with (if you have not done this already). Your ecommerce company should have a Lawyer/Solicitor who is au fait with all GDPR details and will take care of your customers’ data protection. In case you hold and process sensitive data with a high risk of disclosure, or you are expecting a mass violation of data, you need to hire a Data Protection Officer.
Among their responsibilities are responding customers’ complaints and monitor your ecommerce website GDPR compliance, especially if your company is testing new solutions, forms, marketing emails, developing a new website interface or app.
Also, your data protector officer (or specialist) is required to notify the ICO of data-breach notification within 72 hours if this is a systemic failure, hack attack, or any other problem that may lead to serious consequences for your customers’ security.
General Data Protection Regulation can, and will have a positive effect on the online retail sector. Inasmuch as this can enhance customer confidence and loyalty, as well as increase trust in the payment process. This is why we recommend you inform your customers that you will take care of their personal data non-disclosure in the best way.
There is a huge number of requirements and details in the primary GDPR document. But we have tried to include the most necessary into this checklist. Look at this to find out if you have not missed anything to implement into your website, emails, contact forms, and every consent form.
Data Protection Specialist
Consent Compliance Checklist
You can also find several options how to create a GDPR-friendly consent form template here.
To get more detailed information about the requirement to contents, please, look at the United Kingdom’s ICO GDPR Consent Guidance.
Be sure that you don’t send your customers’ personal data, including email addresses, names, users ID’s, location data, transaction ID’s, IP addresses, to Google Analytics at the code level. Read this Google article to find more.
Users have got used to clicking positively on most consents, unfortunately. This is why we would recommend you create an additional re-consent popup to make sure that your customers understand what data they leave.
This document needn’t be uploaded to your website, but this could be a strong legitimate basis for your actions when you receive a complaint.
Today, GDPR is still very much in its early stages and will evolve in time. Nevertheless, this is now common courtesy toward your customers in terms of a global trend to business transparency.
We know this requires time and resources, which we hope you have already in place by now. But your hard work and effort to become compliant will gain customer trust.
You may also like
Choose quality and trusted services to improve the presence of your company on the Internet, and feel free to contact our UK team if you have any questions.
We’re here to share some easy-to-follow SEO tips, tricks, and strategies that have worked wonders for many successful blogs.
The global revenue of the car rental market is estimated at $100 b. The niche shows a stable annual growth rate of 2.99% by 2027.
We at Promodo are ready to help you improve your performance across all digital marketing channels.Get started