In less than two weeks, the way we manage customer data will change dramatically. On May 25th (2018), the new General Data Protection Regulation (GDPR) will finally come into effect, providing greater transparency, security and privacy for your customers' personal data.
However, what does this mean for you as an ecommerce store owner, and more specifically, how will this impact your online marketing and personalisation campaigns in the future?
Our GDPR Unpacked series will help to answer these questions and more.
During this series, we unpack the implications of GDPR, what steps you should take to remain compliant and explore its impact on the future of ecommerce.
In our first blog, we break down the purpose of the legislation and the key changes from existing data protection laws.
1. What is GDPR?
It would have been impossible for policy leaders to imagine the many ways in which today's data is stored, collected and transferred when the first Data Protection Directive was enacted back in 1995. GDPR finally replaces this outdated directive with stricter rules on controlling and processing personal data. Note that GDPR deliberately uses the broad term "personal data" (any information relating to an identified or identifiable individual, including online identifiers such as cookie IDs and IP addresses) rather than the narrower "personally identifiable information (PII)" familiar from US usage.
The requirements apply uniformly across the EU to any organisation that handles personal data about individuals in the EU. In fact, any organisation, whether based in the EU or not, will be affected if it offers goods or services to people in the EU or monitors their behaviour (for example through website tracking), regardless of those people's citizenship, and UK companies will still be liable under the legislation post-Brexit.
2. Does this apply to e-commerce stores?
Absolutely! The legislation covers any individual, organisation or company that either "controls" or "processes" personal data, including the special categories of sensitive data such as health or biometric information.
A "Data Controller," according to GDPR, is an individual or body which "alone or jointly with others, determines the purposes and means of processing of personal data." As an ecommerce store owner, when you ask for your customers' names, email addresses and payment details as they shop on your store, you are acting as a data controller: you gather personal data and decide what is collected and why.
On the other hand, "Data Processors" are those which "process personal data on behalf of the controller." Processors act on the controller's documented instructions and carry out the technical processing on its behalf. See Fashion and other personalisation platforms serve as "processors", as we help you manage or process the personal data you collect from your customers. The relationship between you and each processor must be set out in a written contract covering the processing.
3. What is changing?
Under GDPR, you are required to be more careful and more accountable in handling individuals' personal data, which means keeping records of what you process, why, and on what lawful basis. If you become aware of a personal data breach that is likely to put individuals at risk, you are obliged to report it to your supervisory authority (the ICO in the UK) within 72 hours of becoming aware of it, and where the breach is likely to result in a high risk to those individuals you must also tell them without undue delay. Breaches you judge unlikely to pose a risk need not be reported, but the decision and its reasoning must be documented.
Consent is one of several lawful bases for processing; fulfilling an order a customer has placed can rest on the basis of performing a contract, but marketing and personalisation that go beyond that will usually rely on consent. Where you rely on consent, you will need to obtain it before you acquire, process, store or share the personal data, and keep a record of what was agreed and when. Consent must be freely given, specific, informed and unambiguous, which rules out pre-ticked boxes and consent bundled into terms and conditions. The terms should be clearly explained to your customers, and they have the right to withdraw their consent at any time, as easily as they gave it.
Individuals will be granted access to the personal data held about them upon request. The response must be accessible and written in clear and plain English for your customers to understand. You may not, in the normal case, charge customers for access to their personal data (a reasonable fee is permitted only for manifestly unfounded, excessive or repeated requests), and requests must be answered within one month, extendable by a further two months only for complex or numerous requests, provided you tell the individual within the first month.
Your customers are also entitled to have their personal information erased from your database, subject to limited exceptions such as data you are legally obliged to retain (for example, financial records of completed orders). The right extends to any copies held by third-party providers: where you have shared or published the data, you are responsible for informing those third parties of the erasure request so they can take the same reasonable steps.
GDPR now joins anti-bribery and competition law among the regimes carrying some of the very highest sanctions for non-compliance.
Under the regulation, non-compliance can cost you up to €10 million or 2% of global annual turnover (whichever is greater) for breaches of controller and processor obligations such as record-keeping, security and breach notification, whereas breaches of the core principles, the lawful-basis rules or individuals' rights attract fines of up to €20 million or 4% of global annual turnover. This is a marked jump from the existing £500,000 maximum penalty available to the ICO under current data protection legislation. In fact, experts suggest that the fines enforced against the likes of TalkTalk and Carphone Warehouse would be 79 times higher under the new regulation.
Your GDPR Checklist
As you can see, GDPR is comprehensive legislation with wide-ranging implications for brands and retailers of any size. To help assess your compliance so far, complete the following steps:
1. Find out what personal data you hold, including where it came from and where it is stored, used and shared (including with processors such as marketing and personalisation platforms).
2. Review and update your current privacy notices, especially how your customers can contact you to access, correct or delete the personal data you collect about them.
3. Review how you obtain, record and manage your customers' consent, and which lawful basis you rely on for each use of their data. If a customer requested a copy of their data, would you know how to export it and present it clearly to them? (We will talk about this more in our next blog.)
In our next blog, we explain how to adapt your current marketing and personalisation campaigns to comply with GDPR.
If you have any questions about how See Fashion ensures its clients remain compliant, email us at firstname.lastname@example.org. You can also subscribe below to have our GDPR Unpacked series delivered straight to your inbox.