General Data Protection Regulation | Effective May 25, 2018

Personal data has become one of the hottest topics in the news, community forums, and tech blogs as the number of data breaches continues to increase. Consumers are demanding heightened security standards and legislation is being enacted to ensure personal data is properly secured.

In an effort to protect citizens and their personal data, the European Union has enacted new legislation called the General Data Protection Regulation. Below we have outlined the basics of GDPR and what it means for your ecommerce business.

GDPR Overview

The General Data Protection Regulation, GDPR for short, is the legal guidelines for which personal data is collected, used and processed by businesses for citizens within the European Union. In other words, any data your business is storing with a person’s name or ID must meet the new GDPR regulations.

After a two year transition time, this regulation will be enforceable starting Friday, May 25, 2018.

Online businesses that operate or have customers in Europe are now responsible for and must know how and where data is collected and stored as part of these new guidelines.

What this Means for Your Ecommerce Business

These new regulations may still impact your business even though you do not physically operate in the EU. More specifically, if you have customers or contacts that live in the EU, then your business must meet the new standards to achieve compliance. Your business could receive a fine (up to the larger amount of 4% of your company’s global revenue or €20 million) should no action be taken to comply with these new personal data regulations.

It’s not too late to create and implement a data protection plan to avoid the risk of being non-compliant with the new regulations. Perhaps the most direct way to get users to opt-in is to create a form on your website or send an email to your user database asking them to opt-in. If you’re going to use a check box, make sure it’s left unticked to give them the choice to opt in.

What Your Ecommerce Business Needs to Do Now

Update your privacy policy to include:

— Why you’re collecting data

— Examples of data collected

— How long data is being kept

— What data is being used for – general use or profiling

— How you are keeping data secure

• Require users to opt into giving you personal data and make sure you can prove they have opted in.
• Identify and state any third party service used to collect or store personal data from users including Google drive, Google Analytics, Dropbox, and marketing automation software, just to name a few. It is your responsibility to ensure that any third party software or service you use is compliant. Simply put, if a software or service you use is not compliant, then your business is not compliant.
• “What this means is that all existing contracts with processors (e.g., cloud providers, SaaS vendors, or payroll service providers) and customers need to spell out responsibilities. The revised contracts also need to define consistent processes for how data is managed and protected, and how breaches are reported.” (CSO Online)
• Don’t forget about mobile. Be sure to include apps when identifying sources of data collection.
• Secure data with two-factor authentication.
• Define a process for which your data management team deletes outdated personal information.
• Only collect the information that is needed from customers. Do not ask and collect customers for data regarding race, politics, religion, union status, health data, sex life or sexual orientation. Be sure to clearly communicate the purpose for which the collected data will be used. As a best practice, be transparent with all data collection verbiage.
• Educate your staff to ensure they understand the importance of secure data and the need to only collect information that is needed.
• Minors under the age of 16 cannot provide consent. Therefore, you might consider adding filters to prevent capturing data from children.
• Provide links to your privacy policy on any page data is collected, including community forums.

Read more about the General Data Protection Regulation

Benefits of new GDPR for Your Ecommerce Business

• Trust is established with your company and customers are more inclined to purchase and provide their sensitive data to your business.
• Now that your business is required to manage data, your team will have the opportunity to remove irrelevant data and clean it up altogether.
• Minimizes risk of data breach and business downtime
• By requiring customers to opt-in, you can generate more active and qualified leads. The data from users that don’t opt-in can be discarded.

Don’t let your business suffer from avoidable non-compliance fines. Start taking the necessary steps to ensure compliance now.