Key Details to Ensure Your E-Commerce Store is GDPR-Compliant


The General Data Protection Regulation (GDPR) becomes official later this month — so the question must be asked: is your e-commerce store compliant?

If you’re twitching anxiously, you’re not alone. In fact, 60 percent of companies are expected to miss the May 25th GDPR-compliance deadline, with most citing “a lack of budget and staff knowledge to implement changes” as what is holding them back.

While the GDPR in itself is quite exhaustive, these key details will ensure your e-commerce store is GDPR-compliant.

Why is the GDPR so Important?

The GDPR will change how companies doing business in the EU collect and protect consumer data. It’s the most comprehensive data law ever created and the fines for violating it are steep. Even if your store doesn’t currently do business in the EU, it might be worthwhile to start taking steps toward compliance now as a proactive measure.

Key Details to Be Compliant

If there’s any one thing to understand about GDPR compliance, it’s that consumers have complete control over their personal data, and businesses need to prepare and handle every interaction as such. 

Right to Access & Erasure

Consumers have a right to access, correct, delete, or restrict processing of their data as they see fit. If an individual wants their personal data removed from your company’s database, GDPR gives you one month to do so.

Consent

Under GDPR, valid consent must satisfy three requirements.

  1. Freely given
  2. Specific, informed, and unambiguous
  3. Given by a clear affirmative action

You must always give consumers a choice to refuse or withdraw consent, and they need to know every way their data might be used once it is collected. For example, if your e-commerce store collects consumer data for sales and marketing purposes, your opt-in must clearly communicate to consumers that their data will be used for those purposes.

Security Must Be a Top Priority

Organizations of all types face cybersecurity threats these days, but until now a failure to protect customer data has mostly resulted in negative public perception and customer churn. Not so in the age of GDPR. Using ten criteria to determine the extent of fines on businesses found to be non-compliant, fines can range from 10–20 million euros and between two and four percent of a company’s previous annual global revenue. Security in itself doesn’t ensure compliance, but staying secure is one of the biggest challenges businesses preparing for compliance face.

Personal Data is Really Personal, Like, IP Address Personal

Under GDPR, personal data includes IP addresses in addition to names, emails and phone numbers. Any piece of data that can be linked back to an individual qualifies as personal data.

You Must Be Able to Comply with Consumer Requests

The GDPR lays out a set of consumer rights, and e-commerce stores need to be able to comply with any consumer request at any time. Saying you respect consumer rights isn’t the same as having processes in place to handle and follow through on real requests.

Depending on Your Business’s Intricacies, You Should Probably Consult a Lawyer

Given how steep the GDPR fines are and the potential for getting something wrong, consulting with a lawyer makes clear financial sense. Each business will have specific nuances that could affect GDPR compliance.

Questions to Ask Yourself If You’ve Done No Prep

If you’ve done no thinking or preparation toward GDPR compliance, here are some questions to get you started. Every e-commerce store’s situation is ultimately different, so the more questions you ask yourself, the better.

  • Do I need a data officer?

Whether you sell makeup from home or run a nationwide cosmetic store will probably dictate whether you need to hire a Data Protection Officer. But at minimum, someone in your company needs to be concerned with how data is being collected, processed and stored.

  • What do my privacy policy and disclosures to customers look like?

Now’s a great time to review your terms and wording to customers. The GDPR changes the tone of the conversation and your privacy policy and disclosures are the first impressions.

  • Are the third-party applications and tools I use prepared for compliance?

Like bad company, the third-party applications you work with can bring you down. If the companies and tools in your data workflow aren’t GDPR compliant, you’ll be on the hook for a violation.

Further Resources to Bring You Fully Up to Speed

It’s not wise to rely on an overview for full compliance confidence. Here are a few resources to pair with a lawyer consultation:

  • ICO: Guide to Data Protection
  • Data Protection Commissioner

Some companies will inevitably be non-compliant come May 25. But hopefully, with these key details to ensure your e-commerce store is GDPR-compliant in place, your business won’t be one of them.