What makes e-commerce business great is that it is much easier to expand (even outside the borders of your home country) than ever before. In addition, you can collect and use customer data, which is a major advantage that traditional brick-and-mortar shops don’t have.
However, customer data are personal data, which are subject to the new General Data Protection Regulation (GDPR) entering into force on 25 May 2018.
GDPR will have an impact on any company established in the EU or serving clients in the EU.
GDPR gives individuals the right to access, rectify, delete and restrict the processing of their personal data. The regulation also imposes strict rules on businesses on how to seek customers’ consent to the use and processing of their data. This is especially important if you use customer data for purposes other than just to fill in an order, i.e. for marketing or ads.
Under the GDPR, any information gathered or stored that can be used to reveal the identity of a natural person is considered personal data. If your clients can create accounts on your e-commerce portal or if you collect their e-mail addresses, such data are also considered personal data. Even data that can’t be used to clearly identify an individual, e.g. an IP address, are considered personal information.
GDPR takes effect on 25 May 2018.
What exactly do you need to prepare for?
Here are a few questions that you should ask yourself:
- Do you need to review your personal data protection policies or modify the information that you disclose to clients?
- If your e-shop uses third-party apps or themes/templates, do these platforms comply with GDPR?
- Do you need to appoint a data protection officer?
- Do you need to start conducting documented data protection impact assessments?
- Do you need to seek clients’ consent to data processing, and do you need to change the way you obtain consent to be GDPR compliant?
- Will your customers and users be able to exercise their rights under the GDPR, including the right to access, rectify, delete and export data?
These are standard questions – not steps – that you need to ask yourself. Each company is different and you may need to take more (or fewer) steps than other e-shops to be GDPR compliant. If you are not sure about the exact impact on your business, we recommend seeking legal advice.
To put it simply, individuals will enjoy more data protection rights under the GDPR, while the term personal data is defined very broadly. You can use guides on the new legal rules available here:
If you are interested in the topic of GDPR or if you still have some unanswered questions, stay tuned and follow our blog. In the upcoming weeks, we will cover more topics and areas related to GDPR. So don’t forget to follow us and sign up for our newsletter. We only send it once a month :)
More articles from the GDPR series:
- GDPR: What you should know about the new Data Protection Act (you’ve just read it)
- CloudTalk and GDPR, how to prepare?
- GDPR and e-commerce