You, Your Website and GDPR. Tips to Start Preparing for GDPR

It is worth spelling out what GDPR stands for, because that is a good place to start explaining what GDPR actually is.


What is the GDPR?

GDPR is short for “General Data Protection Regulation”. The name may sound familiar, but it is a new EU-wide regulation on the protection of personal data, and it applies to any organization that handles data about people in the EU, whether or not the organization itself is located in the EU. It takes effect on May 25, 2018. The GDPR's purpose is to protect personal data and to give individuals extended rights over how it is collected and used.

Does GDPR affect your e-Commerce store?

The “D” in GDPR stands for data, and an online store handles a lot of it. But does that mean GDPR should concern you as an e-Commerce website owner?

GDPR could affect you and your online store, in the following cases:

  • You use Google Analytics to track and collect data on visitors.
  • You use a registration form on your website.
  • You collect information to process payments and orders (which makes sense).
  • Your website has a newsletter functionality.
  • Your site uses cookies.
  • You have a contact form to keep in touch with your site visitors.

Here are some of the most basic rights GDPR gives the people whose data you hold:

  • The right to be informed.
  • The right of access.
  • The right to rectification.
  • The right to erasure.

How to make your website GDPR-compliant?

1. Keep Your Data Safe and Secure

Your site visitors and customers should be able to obtain any personal data they have provided to your store, such as their email address, purchase history or phone number, without obstruction or undue delay on your part. That means you need to know where that data lives, keep it intact (take regular backups of your store database), and be able to export it on request. Keep in mind that backups contain the same personal data as the live database: store them encrypted and access-controlled, and account for them when you later erase a customer.

2. Keep Customers Informed

Customers and visitors of your online store have the right to obtain information on how and for what purposes your store uses any provided personal data.

This means you should show a privacy notice at account registration and at checkout that explains what data you collect and why. For example, tell your site visitors that you use cookies, what they are used for, and which third-party tools (such as analytics) receive data.

3. Right “To Be Forgotten”

This means that, upon a customer's request, you should delete any mention of that customer from ALL the tools and databases you use to manage your online store, not only the account table but also the newsletter list, support system, analytics exports and backups. Where a record must be kept for another legal reason (for example invoices retained for tax purposes), remove or pseudonymise the personal fields rather than keeping the full record.

Any registered customer of your store should be able to delete their own account.

4. Deactivate Any Default Opt-ins

Do NOT use pre-ticked boxes or other pre-selected options in your online store. Consent has to be a clear, affirmative action by the customer, so every consent checkbox must be unticked by default, clearly labelled, and treated as "no" when it is left blank.

5. Keep Data Fresh

The customers should be able to update details through their online account.

So simply let registered customers change the name, password and contact information shown on their account page.

6. Design with GDPR in Mind

The consent banner and all supporting information (privacy notice, checkbox labels, explanations of what data is collected) must be written in clear and easy-to-understand language.

7. Reduce the Amount of Data Stored

The less personal data you collect, the less there is to protect and the smaller the impact of any breach.

Make sure that only necessary fields are collected: if you don't need to know the customer's gender, do not include that field in any registration or contact form.
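The following is an added example, not Magento code or code from this article, that pulls points 1 to 5 and 7 together in one place. It assumes a shop whose customer data is spread over four stores (account database, order table, newsletter tool, helpdesk), modelled here as constructed in-memory lists, and it assumes that orders must be retained and are therefore pseudonymised rather than deleted. The part practitioners most often skip is the last function: after an erasure, scan every store for the customer's email and name and check that nothing is left.

```python
"""Data-subject request handling for a small web shop (added example).

Not Magento code: the four in-memory "stores" below stand in for the
account database, the order table, the newsletter tool and the helpdesk,
and the sample customer is constructed for this example."""
from __future__ import annotations

import copy
import json

# Fields a registration form is allowed to carry (data minimisation, point 7).
# Anything else, e.g. "gender", is dropped before it reaches the database.
ALLOWED_REGISTRATION_FIELDS = {"email", "name", "password"}


def make_sample_stores() -> dict[str, list[dict]]:
    """Constructed sample data: one customer who appears in every store."""
    return {
        "customers": [{"id": 7, "email": "anna@example.com", "name": "Anna Example",
                       "phone": "+35312345678", "marketing_consent": False}],
        "orders": [{"order_id": 1001, "customer_id": 7, "email": "anna@example.com",
                    "ship_name": "Anna Example", "total": 49.90}],
        "newsletter": [{"email": "anna@example.com"}],
        "support_tickets": [{"ticket": 55, "email": "anna@example.com",
                             "body": "Where is my order?"}],
    }


def minimize_registration(form: dict) -> dict:
    """Keep only the fields the shop actually needs (point 7)."""
    return {k: v for k, v in form.items() if k in ALLOWED_REGISTRATION_FIELDS}


def consent_from_form(form: dict) -> bool:
    """Consent is recorded only when the box was actively ticked (point 4).
    A missing or empty field means no consent; there is no default of True."""
    return form.get("marketing_opt_in") == "on"


def records_for(stores: dict, email: str) -> dict[str, list[dict]]:
    """Right of access (points 1 and 2): every record, in every store, that
    refers to the customer, either by email or by the linked customer id."""
    ids = {c["id"] for c in stores["customers"] if c["email"] == email}
    found: dict[str, list[dict]] = {}
    for name, rows in stores.items():
        hits = [r for r in rows
                if r.get("email") == email or r.get("customer_id") in ids]
        if hits:
            found[name] = copy.deepcopy(hits)
    return found


def export_customer_data(stores: dict, email: str) -> str:
    """Portable copy of the customer's data, as JSON."""
    return json.dumps(records_for(stores, email), indent=2, sort_keys=True)


def rectify_customer(stores: dict, email: str, updates: dict) -> int:
    """Right to rectification (point 5): update the editable contact fields
    only; ids and consent flags cannot be overwritten through this path."""
    editable = {"name", "phone"}
    changed = 0
    for c in stores["customers"]:
        if c["email"] == email:
            for k, v in updates.items():
                if k in editable:
                    c[k] = v
                    changed += 1
    return changed


def erase_customer(stores: dict, email: str) -> dict[str, int]:
    """Right to erasure (point 3). Account, newsletter and ticket rows are
    deleted. Orders are kept but pseudonymised, on the assumption (not from
    the article) that invoices fall under a separate legal retention duty."""
    ids = {c["id"] for c in stores["customers"] if c["email"] == email}
    summary: dict[str, int] = {}
    for name in ("customers", "newsletter", "support_tickets"):
        before = len(stores[name])
        stores[name] = [r for r in stores[name] if r.get("email") != email]
        summary[name] = before - len(stores[name])
    for o in stores["orders"]:
        if o.get("email") == email or o.get("customer_id") in ids:
            o["email"] = None
            o["ship_name"] = "[erased]"
            o["customer_id"] = None
            summary["orders_pseudonymised"] = summary.get("orders_pseudonymised", 0) + 1
    return summary


def residual_mentions(stores: dict, *needles: str) -> int:
    """Verification after erasure: count string values in any store that
    still contain the customer's email or name. It should be zero."""
    lowered = [n.lower() for n in needles]
    return sum(1 for rows in stores.values() for r in rows for v in r.values()
               if isinstance(v, str) and any(n in v.lower() for n in lowered))


if __name__ == "__main__":
    stores = make_sample_stores()
    print(export_customer_data(stores, "anna@example.com"))
    print(erase_customer(stores, "anna@example.com"))
    print("residual mentions:",
          residual_mentions(stores, "anna@example.com", "Anna Example"))
```

In a real shop the store registry would also list backups, analytics exports and any third-party tool that received the customer's data, and `residual_mentions` would be run against each of them, because an erasure that leaves the email in the newsletter tool or in last week's backup has not actually been carried out.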

Helpful GDPR Resources: