Author: Amal Johny, Business Analyst
In our first blog on GDPR we have discussed the importance of the regulation and the impact it has already created for businesses and customers. In this blog we will enlist the key checkpoints that eCommerce players must abide by while implementing GDPR.
Key checkpoints to ensure GDPR compliance are as follows;
1. Collect essential data only
It is also important to skip unwanted fields. For example, if you don’t sell products that are illegal for children, do not ask for the users’ date of birth.
2. Clarity is king
3. Make sure to get clear consent
GDPR mandates that consent should be “freely given, specific, informed and unambiguous.” (Ref 1) This means you cannot afford pre-ticked boxes or use assumptions. (Ref 2) Also, while asking for user consent, you must use simple language and stay away from using words that can be misread.
4.Have a dedicated data protection officer
Today, each eCommerce business must appoint a dedicated data protection (DPO) officer. Some of the responsibilities of the officer will be to implement the GDPR policies, supervise how your employees comply with the rules, train them on the right ways of processing personal data including email security, strong passwords, two-factor authentication, device encryption, and the use of virtual private networks (VPNs). The DPO will also answer questions when needed.
Moreover, every employee having the right to access stored and collected user information must follow strict GDPR rules. This also means, employees like janitors and office managers who do not have direct contact with customers should not have access to user databases. This will greatly address the data theft issue. Another effective way is to make your employees sign a non-disclosure agreement (NDA) not only to avoid data leaks but also to hold employees accountable in case of a data breach, be it intentional or carelessness.
5.GDPR is location agnostic
It’s pertinent to note that all ecommerce stores, selling goods and services to Europeans, must be GDPR-compliant. This means, irrespective of the geographical location of your company, you will need to be GDPR-compliant in order to cater to EU citizens. Moreover, for companies outside the EU, it is good to have a company representative in the EU and work with local authorities on the company’s behalf.
There has been a major change in cookies’ policy post GDPR law enforcement. Earlier content was sent to customers by default. They had to opt-out of receiving emails from businesses. Today, organizations need to put in place a double opt-in so that customers clearly understand what they are doing.
7. 3rd party services must also be GDPR-compliant
Art.6(1B) of the GDPR law (Ref 3)says, every single service provider of yours should also be compliant. Do check that all service providers – including payment processors and cloud services are also compliant.
8. Justify your data
There are five ways to justify the use of the data according to GDPR. They are -
9. Keep record
Keep a record of the type of info you collect, its source, location of the data, people you share it with, and terms and duration of its use. To maintain accountability, keep detailed records of the data collection or produce other evidence of compliance that might be checked. Also, keep a record of all sub-processors involved in processing your users’ data and mention these sub-processors in your terms and conditions.
10. Report data breaches
Report data breaches involving personal data to the relevant authorities within 72 hours. Additionally, implement an effective procedure for handling data breaches.
In addition to the above mentioned points, here are some more points which will greatly help you to be GDPR complaint -
The above GDPR checklist is just a guide. Each business will have specific GDPR requirements to comply with. This might sound daunting and it’s only human to get agitated at new rules and regulations. However, do rest assured that in addition to storing personal data more rigorously and ensuring a sturdy data control mechanism, there is nothing to be worried of. In fact, after four years of GDPR, a host of industry experts agree that the new law benefits businesses that comply with it.
1. Lessens scam issues
Scammers are a pain point for all legit eCommerce businesses. They always seem to find ways into the security systems and target customers with unbelievable offers that don’t exist and are highly unfeasible. This ruins the reputation of the ecommerce industry big time! GDPR has been successful to address this issue to a large extent by considerably building customer awareness which helps them to act consciously.
2. Saves marketing costs
It might sound surprising but GDPR can actually save you thousands of bucks in terms of marketing costs, if you play by the book. This is because, while complying with the law you will be only reaching out to customers who agree to share their data. Also, when your users are proactive, it indicates that they have some level of interest which you could use profitably. In case of email marketing this becomes particularly evident, as customers have to share their email ids in order to receive email offers.
3. Boosts customer trust and confidence
Flaunting your GDPR compliance is actually a great way to promote your ecommerce business. By declaring how robust your data protection policies are and how committed you are towards protecting your customers’ personal data, you are actually winning their confidence. A TechRepublic survey shows 47 percent of respondents are worried about their data being hacked. Hence, assuring a secure user experience will be widely endorsed. With Mozanta creating a GDPR compliant eCommerce store is seamlessly easy At Mozanta Technologies, we have successfully created multiple ecommerce websites for clients from across the globe. In the process we have diligently analyzed GDPR and developed practical solutions to deal with the challenges that the law poses on eCommerce players. If you have an eCommerce store and are looking to cater to the European market we are always happy to help you. At Mozanta, we duly follow the best practices. You can know more about our projects and works by exploring our website.
The GDPR is a critical piece of legislation in today’s online business context. This makes all eCommerce businesses who constantly deal with sensitive information and private data, subject to the regulations. eCommerce businesses will need to rightly implement GDPR to stay hassle free and win customer trust. That said, achieving GDPR compliance is not the easiest of tasks. However, when done in partnership with a skilled team of eCommerce solution providers, the job gets easier.