Dropshippers, sellers and buyers, it's here! One of the best things about being an ecommerce entrepreneur is seeing your products sent to all different parts of the world. A business started in Rome can have customers in Manila, Hyderabad and New England. But the laws in all those places vary, and very shortly (May 25th, to be exact) the rules that apply to the data of people in the EU will change. In this post I will talk briefly about:
What is the GDPR
How you can get brand GDPR compliant
What you can do with customer data
Just because you don't have EU customers now does not mean that you don't need to get yourself GDPR compliant. If you offer goods or services to people in the EU, these rules apply to you, regardless of where your brand is based. By selling into Europe, you agree to abide by EU law, and that means making your store GDPR compliant. So if you need to get your ecommerce store GDPR compliant, let's first take a look at what that actually means.
What exactly is GDPR?
GDPR is an acronym for General Data Protection Regulation. It is an EU regulation that, from May 25th, applies to anyone who handles the personal data of people in the EU. The GDPR is not to be confused with the EU's ePrivacy rules, which cover electronic communications, cookies and direct marketing and continue to apply alongside it. Until now each member state has had its own data protection law, each implementing a 1995 EU directive in its own way; the GDPR replaces those with a single regulation that applies directly and identically in every member state. It is one of the most far-reaching and restrictive data protection laws ever enacted, and it will shape how companies of every shape and size handle the data of their customers. In the most non-legal way possible, the GDPR will:
Increase the rights EU citizens have over their personal data
Widen the scope as to what the law defines as ‘personal data’
Enforce strict guidelines about getting consent from your customer to collect their data
The overall goal of the GDPR is to make it harder for data-gatherers to do shady stuff with data. Long story short, the individual controls their data, not you. The biggest rights the GDPR gives people are the rights to access, correct, erase and restrict the processing of their data. Customers already have a right of access, but the current law lets a data controller charge for it (in the UK, for example, £10 per subject access request); the GDPR removes that fee. If an EU customer requests access to their data, you must provide it without undue delay and within one month. Everyone also has the right to be told that your company holds data about them, what that data is and why you have it. Under the GDPR you, the seller, are the data controller and remain responsible for protecting that data even when a third-party platform like Shopify or MailChimp processes it on your behalf. It also means that if an EU customer contacts you and asks you to remove their data from your store, you are bound under EU law to comply, with only narrow exceptions such as records you are legally required to keep (tax records for past orders, for instance). This is a game-changer for Facebook ads and other forms of personalised marketing. But before we get into that, let's discuss what you need to do to get your brand GDPR compliant.
How Can You Become GDPR compliant
So now we know exactly what GDPR is, it's time to take a quick look at what you need to do to get your store above board before May 25th. Keep in mind that every store is different, and therefore every store will need something a little different. If you're not entirely sure that what you've done is enough, find a lawyer to help you out and make sure you're free of compliance gaps. Now, what exactly do you need to do to be GDPR compliant?
Review your returns and refund policy and tell buyers what data you need from them to process a return, and why.
Review the third-party apps and themes you use in your store (email marketing, Facebook ads and Google AdWords, for example). Each one that touches customer data is processing it on your behalf and needs a data processing agreement with you.
Be accessible and give customers control over their data should they request it. For example, if a French customer emails you and asks you to remove every trace of their data, how will you do it, across your store, your email list and your ad audiences?
Establish how you will ask your customers for their permission to process their data, and record when and how they gave it.
These steps are only basic, and how far you need to go to become GDPR compliant will vary. Familiarise yourself with data protection and ecommerce law to ensure that you're above board.
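The third step above, answering an access or erasure request, is the one most stores have no procedure for. The following is an added example, not code from the original post or from any ecommerce platform: a small Python module that handles both requests against a constructed in-memory store. The table layout, sample rows, the `per-store-secret` salt and the 30-day approximation of the one-month deadline are all assumptions. Order rows are pseudonymised rather than deleted, on the assumption that accounting law requires you to keep the transaction itself; the response also lists which third-party marketing lists the person was on, because erasing them locally does not erase them at your processors.

```python
"""Answer a GDPR access (export) or erasure request against a shop's records.

Constructed example: store layout, sample rows, salt and retention rule are
assumptions for illustration, not the behaviour of any real platform.
"""
import copy
import hashlib
from datetime import date, timedelta

# Constructed sample store: three tables a small shop might keep.
STORE = {
    "customers": [
        {"id": 7, "email": "marie@example.fr", "name": "Marie Dupont",
         "address": "12 rue de Lyon, Paris"},
        {"id": 8, "email": "sam@example.com", "name": "Sam Lee",
         "address": "1 Main St, Boston"},
    ],
    "orders": [
        {"order_id": 1001, "customer_id": 7, "ship_name": "Marie Dupont",
         "ship_address": "12 rue de Lyon, Paris", "total_eur": 49.90,
         "placed": "2018-03-02"},
        {"order_id": 1002, "customer_id": 8, "ship_name": "Sam Lee",
         "ship_address": "1 Main St, Boston", "total_eur": 19.00,
         "placed": "2018-04-11"},
    ],
    # Lists the email was synced to; fb_custom_audience lives at a third party.
    "marketing": [
        {"email": "marie@example.fr", "list": "newsletter", "consent": True},
        {"email": "marie@example.fr", "list": "fb_custom_audience", "consent": True},
    ],
}

# GDPR: respond without undue delay and within one month. 30 days is an
# approximation used here; track the real calendar month in production.
RESPONSE_WINDOW = timedelta(days=30)


def _find_customer(store, email):
    """Case-insensitive lookup; email is the key customers actually quote."""
    for c in store["customers"]:
        if c["email"].lower() == email.lower():
            return c
    return None


def export_customer_data(store, email):
    """Access request: everything held on the subject, as a JSON-ready dict.
    Returns None when the address is unknown, so the caller answers honestly."""
    c = _find_customer(store, email)
    if c is None:
        return None
    return {
        "profile": copy.deepcopy(c),
        "orders": [copy.deepcopy(o) for o in store["orders"]
                   if o["customer_id"] == c["id"]],
        "marketing": [copy.deepcopy(m) for m in store["marketing"]
                      if m["email"].lower() == email.lower()],
    }


def pseudonym(value, salt):
    """Salted hash so a retained order row no longer names the person but
    rows from the same customer can still be linked for bookkeeping."""
    return hashlib.sha256((salt + str(value)).encode()).hexdigest()[:16]


def erase_customer(store, email, received, salt="per-store-secret"):
    """Erasure request: delete profile and marketing rows, pseudonymise orders
    kept for accounting, and report what still has to be forwarded to processors.
    `received` is the ISO date the request arrived."""
    c = _find_customer(store, email)
    if c is None:
        return {"found": False}
    store["customers"] = [x for x in store["customers"] if x["id"] != c["id"]]
    mine = [m for m in store["marketing"] if m["email"].lower() == email.lower()]
    store["marketing"] = [m for m in store["marketing"] if m not in mine]
    retained = 0
    for o in store["orders"]:
        if o["customer_id"] == c["id"]:
            o["customer_id"] = pseudonym(c["id"], salt)
            o["ship_name"] = pseudonym(o["ship_name"], salt)
            o["ship_address"] = "REDACTED"  # amount and date stay for tax records
            retained += 1
    deadline = date.fromisoformat(received) + RESPONSE_WINDOW
    return {
        "found": True,
        "marketing_rows_removed": len(mine),
        "orders_pseudonymised": retained,
        # Each list name is a third-party tool that must also be told to delete.
        "forward_to_processors": sorted(m["list"] for m in mine),
        "respond_by": deadline.isoformat(),
    }
```

The `forward_to_processors` entry is the part worth keeping a record of: your own database is the easy half, and the request is only complete once the email list provider and the ad platform have confirmed removal on their side.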
Remove default opt-ins or apps
Give customer access to their data
As mentioned earlier, a customer needs to be able to see the data you hold on them within one month of requesting it. This means that it's crucial for you to keep your data clean, tidy, well presented and easy for the customer to digest at any point in time. If your database does suffer a breach, you must notify your data protection authority within 72 hours of becoming aware of it unless the breach is unlikely to put anyone at risk, and you must tell the affected customers themselves when it is likely to put them at high risk (leaked passwords or payment details, for example). For these reasons, it's good to have not only a playbook for how you will show customers their data, but also a contingency plan: how will you tell your customers that there has been a leak?
Mistakes can be costly
Accidents happen, and cyber crime will only grow in volume (and complexity) in the coming years. This means that you need to be proactive and on the front foot with your database security. The consequences of getting it wrong are harsh: the most serious infringements can be fined up to €20 million or 4% of your worldwide annual turnover, whichever is greater. The percentage only overtakes the fixed figure once turnover passes €500 million, so for a small store the ceiling is €20 million, and that is a maximum, not a tariff; regulators can also issue warnings and orders short of a fine. Owning a brand and selling online is going to be either expensive or time-consuming; the choice is yours. As an online seller, you almost certainly rely on third-party tools to do your job, and every one of them that handles customer data needs reviewing.
It's hard to be enthusiastic about the EU's new data laws as an online seller. They simply create more work for you and suck up time that could be better spent growing your brand. That being said, GDPR compliance is a breeze if you're not sneaky. If your aim is to double-cross or con a customer into giving up their data, then yeah, you're going to get burned. Enjoy it!