What is GDPR?
On 25th of May 2018, the General Data Protection Regulation (GDPR) enters into force. It introduces a number of new requirements for all organizations that store, process and transmit personal data throughout the European Union. Due to the quantity and quality of the collected information, e-commerce is one of the major market segments affected by the new. This new reality raises a number of questions and concerns.
GDPR requires e-commerce operations to be prepared for the new regulations starting from May 25, 2018. One of the main challenges for compliance is the lack of a transitional period for adjustment to changes after the designated date, which means the window for taking measures to comply is small. What should e-commerce businesses do to follow good practices when it comes to protecting customer data? Here are some selected examples.
Separate checkbox, please
In order to demonstrate compliance with GDPR regulations, e-commerce shops should review their current practices regarding obtaining consent for the processing and storage of personal data. New requirements give more control to customers of online stores.
GDPR is very clear about what this process must include. It requires the e-shopping process to use checkboxes with a set of separate consents for different aspects of data usage:
- order processing
- marketing purposes
- statistics or transfer to other companies
The consent must be clearly formulated in a statement or confirmation. Each consent statement has to be easily accessible and visible to the customer because hiding consent in the regulations, without the client’s knowledge, is forbidden.
GDPR and the right to remain anonymous
Every e-commerce business should strive to protect the privacy of their clients. This is directly connected with informing them about changing rules by new entries in the regulations of online stores. GDPR is aimed at increasing consumer awareness of the rights and methods of using their personal data. A customer’s right to remain anonymous is one of them.
This means that each e-commerce client can require from the data controller access to personal data and additionally may demand the cessation of data processing. The new e-commerce regulations must also include information about the possibility for the consumer to bring a complaint to the supervisory authority.
Are you profiling me?
Profiling e-commerce clients is one of the key factors in the area of creating an offer responding to a client’s needs, targeting the ads more effectively and predicting future shopping activities. In terms of personal data processing, profiling uses the possibility of grouping e-commerce clients in demographic and behavioral terms. And GDPR also has a response to that.
From the 25th of May, 2018, each customer must know he is being profiled and online store’s responsibility is to obtain clear confirmation of this knowledge in the form of the client’s consent.
Data breach? Report it
Personal data is a valuable resource and the risk of data leakage increases every day. All e-commerce operations should pay special attention to confidential information about their own business and clients. Potential data breaches are one of the crisis situations which is also regulated by GDPR.
According to the new law, any incident related to a data leak or breach of its storage security must be reported to the applicable supervisory body within 72 hours from the moment of noticing the incident. Furthermore, in certain cases GDPR requires businesses to notify all persons affected by the data breach.
GDPR and the future of e-commerce
General Data Protection Regulation definitely change the e-commerce world. But what seems to be a revolution today, in the near future it will become a sign of evolution in the field of our personal data protection.
Unification of European Union law equips each e-commerce environment with a set of ready instructions that will definitely support the reinforcement of company transparency. It also gives the number of opportunities to define critical areas, streamline internal processes and improve the client’s experience. This means that this important new acronym additionally stands for Good Digital Practice Rules!