For many of us, it is a fact we take for granted that our personal data is treated with respect and confidentiality. But the truth is that until the mid-2010s, we were handing our personal, confidential data to internet companies with patchy, country-by-country legal protection and little enforcement.
This is why the EU adopted the General Data Protection Regulation (GDPR), which has applied since 25 May 2018. It marked a huge shift for all online businesses, which had to take on responsibility for safeguarding their customers’ information.
So how does GDPR affect online businesses, and in particular eCommerce store owners? Let’s start from the top.
What is GDPR?
Broadly speaking, GDPR exists to protect the personal data of people in the EU, particularly online. It comprises some of the toughest privacy and security rules in the world. Even if your business is not based in the EU, if you offer goods or services to customers in an EU country (or track their behaviour there), these rules apply to you.
The formula for complying with GDPR is – in the most basic terms – as follows:
- Personal data may be collected only for specific purposes the customer has been told about, and on a lawful basis. For an online shop that is usually either fulfilling the order the customer placed or the customer’s explicit consent.
- Business owners can then process that information only for those purposes, exactly as the customer was told and, where consent is the basis, agreed to.
- Personal data can only be stored for a limited period of time, dependent on a genuine need to keep it, e.g. for the duration of a contract, or for as long as tax rules require you to keep invoices.
- Customers must be able to access, correct, and have their personal data deleted at any time (erasure has limited exceptions, such as records you are legally required to keep).
- Failure to comply with the regulation can result in hefty fines: up to €20 million or 4% of worldwide annual turnover, whichever is higher.
So let’s look at a couple of key definitions to help understand GDPR for eCommerce businesses:
- Personal data: Any information relating to an identified or identifiable natural person. This includes data you consciously collect, like names and email addresses, and other identifiers like IP addresses, cookie IDs and demographic details that can be combined to single someone out.
- Controller and processor: Whatever you do with personal data (storing, reading, sending, deleting) is ‘processing’. The party that decides why and how data is processed is the ‘controller’; a party that processes it on the controller’s behalf (your hosting company, payment gateway or email service) is a ‘processor’. An eCommerce store is normally the controller of its customers’ data, and must have a written contract with each processor it uses.
Do GDPR regulations apply to my business?
The short answer is, if you have any customers in the EU, yes. Everyone in the EU is protected by the privacy rules set out in GDPR. So whether your business is online or offline, based in Berlin or Beirut, your customers in the EU have the right to these protections.
As eCommerce businesses gather multiple sensitive data points about their customers – their name, email address, physical address, payment details, order history and more – it is vitally important that you understand and apply GDPR rules throughout your eCommerce website. One practical tip: let your payment provider hold card numbers rather than storing them yourself, so that the most dangerous data never lands in your database.
Must-haves for eCommerce owners to comply with GDPR
So you’re building your eCommerce site. Here are the best actions to take to comply with GDPR, and work ethically with your customers’ data:
- How will you store customer data? Choose a database (and hosting) where data is encrypted at rest, access is restricted to the staff who need it, and you can locate, export, edit and delete a single customer’s records field by field.
- Under what circumstances can you process data for each kind of relationship? From newsletter sign-ups to paying customers, you need to know exactly when, why, and on what lawful basis you will be processing data.
- For what duration will you store personal data? As we have seen, it is necessary to set a time frame for storing personal data, so you need to judge a reasonable length of time to keep customers’ information for your eCommerce business, and actually delete it when that time is up.
- Gather consent, everywhere
Every time personal data is submitted via your website, you become responsible for that data under GDPR. Where you rely on consent (a newsletter sign-up, for instance), add an unticked checkbox to each form that states plainly what the customer is agreeing to, and save the consent with a timestamp and the wording they saw. Pre-ticked boxes and consent buried in the terms and conditions do not count. You do not need a consent checkbox for processing that is necessary to fulfil the order itself, but you must still explain it in your privacy notice. And customer consent always comes first: make sure they can withdraw it at any time, as easily as they gave it.
- Secure your website from malware and hackers
Keep your customer data safe! GDPR requires ‘appropriate technical and organisational measures’, which for a store means TLS (HTTPS) on every page, not just the checkout; a firewall or web application firewall; keeping your platform, plugins and server patched; strong, unique admin passwords with two-factor authentication; encryption of stored personal data; and tested backups. If a breach does happen, you must notify your supervisory authority within 72 hours of becoming aware of it, so make sure you have logging in place to know when it happened and whose data was affected.
- Already have a customer list? Time for an audit!
All these steps can be taken retrospectively, via a database audit and ‘opt-in’ emails. Be careful with the emails, though: contacting people who never gave you a valid basis to email them, just to ask for consent, is itself unsolicited marketing. Better late than never!
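To make the questions above concrete, here is an added example (not code from the original article) of a small per-purpose consent and retention ledger in Python. It records consent only for an affirmative tick, lets the customer withdraw, allows order data to be processed on the contract basis without any checkbox, and reports which data must be purged once the retention clock runs out or consent is withdrawn. The purpose names, the 30-day and two-year retention periods and the form identifier are assumptions chosen for illustration, not legal advice.

```python
"""Per-purpose consent and retention ledger for an online shop.

Added example, not code from the original article. Purpose names, retention
periods and the form identifier are assumptions for illustration, not legal advice.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Two lawful bases (GDPR Art. 6(1)) a shop typically relies on.
CONTRACT = "contract"  # data needed to fulfil an order: name, delivery address
CONSENT = "consent"    # optional extras the customer opts in to: newsletter


@dataclass(frozen=True)
class Purpose:
    """Why data is held, on what basis, and how long it is kept after the last activity."""
    name: str
    basis: str
    retention: timedelta


# Assumed purpose catalogue for the example shop.
PURPOSES: Dict[str, Purpose] = {
    "order_fulfilment": Purpose("order_fulfilment", CONTRACT, timedelta(days=30)),
    "newsletter": Purpose("newsletter", CONSENT, timedelta(days=2 * 365)),
}


@dataclass
class ConsentRecord:
    """Evidence of consent: when it was given, on which form, and when it was withdrawn."""
    given_at: datetime
    source: str  # e.g. the form and privacy-notice version the customer saw
    withdrawn_at: Optional[datetime] = None


@dataclass
class Customer:
    email: str
    last_order_at: Optional[datetime] = None
    consents: Dict[str, ConsentRecord] = field(default_factory=dict)

    def give_consent(self, purpose: str, source: str, box_ticked: bool, now: datetime) -> bool:
        """Record consent only for an affirmative act; an unticked or pre-ticked box is not consent."""
        if PURPOSES[purpose].basis != CONSENT:
            raise ValueError(f"{purpose} does not rely on consent")
        if not box_ticked:
            return False
        self.consents[purpose] = ConsentRecord(given_at=now, source=source)
        return True

    def withdraw_consent(self, purpose: str, now: datetime) -> None:
        """Withdrawal keeps the record (as evidence) but stops further processing."""
        rec = self.consents.get(purpose)
        if rec is not None and rec.withdrawn_at is None:
            rec.withdrawn_at = now

    def holds_data_for(self, purpose: str) -> bool:
        """Do we currently hold any data under this purpose?"""
        if PURPOSES[purpose].basis == CONTRACT:
            return self.last_order_at is not None
        return purpose in self.consents

    def may_process(self, purpose: str, now: datetime) -> bool:
        """May we process this customer's data for this purpose right now?"""
        p = PURPOSES[purpose]
        if p.basis == CONTRACT:
            # Allowed while there is an order to fulfil and the retention clock has not run out.
            return self.last_order_at is not None and now - self.last_order_at <= p.retention
        rec = self.consents.get(purpose)
        if rec is None or rec.withdrawn_at is not None:
            return False
        return now - rec.given_at <= p.retention

    def purposes_to_purge(self, now: datetime) -> List[str]:
        """Purposes for which data is held but may no longer be processed: delete that data."""
        return [n for n in PURPOSES if self.holds_data_for(n) and not self.may_process(n, now)]


def demo() -> dict:
    """Walk one constructed customer through the lifecycle; returns the decisions made."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    alice = Customer("alice@example.com", last_order_at=t0)  # constructed sample customer
    out = {
        # Unticked box at checkout: nothing is recorded.
        "unticked_recorded": alice.give_consent("newsletter", "checkout_form_v3", False, t0),
        "ticked_recorded": alice.give_consent("newsletter", "checkout_form_v3", True, t0),
    }
    out["order_ok_day_1"] = alice.may_process("order_fulfilment", t0 + timedelta(days=1))
    out["order_ok_day_60"] = alice.may_process("order_fulfilment", t0 + timedelta(days=60))
    out["news_ok_day_60"] = alice.may_process("newsletter", t0 + timedelta(days=60))
    alice.withdraw_consent("newsletter", t0 + timedelta(days=90))
    out["news_ok_day_91"] = alice.may_process("newsletter", t0 + timedelta(days=91))
    out["purge_day_91"] = alice.purposes_to_purge(t0 + timedelta(days=91))
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two design choices worth noting. Order data needs no checkbox because the lawful basis is the contract, so `may_process` decides purely on whether there is a recent order; the newsletter needs an active, unwithdrawn consent record. Withdrawal does not delete the ledger entry, because you will want to prove later that you stopped when asked, but `purposes_to_purge` is what a nightly deletion job would run to remove the underlying personal data.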
A note about cookies
Some parts of GDPR, combined with the ePrivacy Directive, also require consent for cookies. First- and third-party cookies track visitors online, gathering data about their IP address and behaviour. Cookies that are strictly necessary for the site to work (the session cookie that holds a shopping basket, for example) are exempt, but analytics, advertising and other non-essential cookies must not be set until the visitor has agreed. So ask website visitors for cookie consent (it is very likely your website uses some cookies), even if they’re just browsing your virtual store, and don’t load the trackers before they say yes!
For any budding entrepreneur starting out in eCommerce, GDPR is a complicated topic, and this article only scratches the surface. To protect your customers and the longevity of your eCommerce business, your best bet is to implement these processes first and stay informed as the legislation and the regulators’ guidance evolve.