Before explaining what the GDPR actually is, it is worth spelling out what the acronym stands for.
What is the GDPR?
GDPR is short for “General Data Protection Regulation”, and the name may sound familiar. Still, it is a whole new regulation on personal data protection in the EU, binding on any organization that handles data about EU citizens, whether or not that organization is located in the EU, with an effective date of May 25, 2018. The GDPR intends to protect personal data and to give individuals extended rights over it.
Does GDPR affect your eCommerce store?
The “D” in GDPR stands for data, and running an online store means dealing with a lot of it. But does that mean GDPR should bother you, as an eCommerce website owner?
GDPR could affect you and your online store, in the following cases:
- You use Google Analytics to track and collect data on visitors.
- You use a registration form on your website.
- You gather customer information in order to handle payments and orders.
- Your website has newsletter functionality.
- Your website uses cookies.
- Your website has a contact form so that visitors can get in touch with you.
Here are some of the most basic requirements:
- The right to be informed.
- The right of access.
- The right to rectification.
- The right to be forgotten.
How to make your website GDPR-compatible?
1. Keep Your Data Safe and Secure
Your site visitors and customers should be able to receive any personal data they have provided to your store, such as email address, purchase history, and phone number, without obstruction or delay on your part. That data must not get lost, so take regular backups of your store database.
2. Keep Customers Informed
Customers and visitors of your online store have the right to obtain information on how and for what purposes your store uses any provided personal data.
3. Right “To Be Forgotten”
This means that, upon a customer’s request, you should delete any mention of that customer from ALL the tools and databases you use to manage your online store.
Any registered customer of your store should be able to delete his or her account.
4. Deactivate Any Default Opt-ins
Do NOT use pre-ticked boxes or other pre-selected options in your online store. Checkboxes should always be left unticked by default.
5. Keep Data Fresh
Customers should be able to update their details through their online accounts.
So, enable registered customers to change the name, password, or contact information shown on their account page.
6. GDPR-concept Design
The banner and all supporting information must be written in clear, easy-to-understand language.
7. Reduce the Amount of Data Stored
The less personal data you collect, the better the overall data security is.
Make sure that only necessary fields are included: if you don’t need to know the customer’s gender, do not include that field in any registration or contact form.
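The steps above (handing a customer their data, erasing them from every store on request, explicit opt-in, and collecting only the fields you need) are easy to get wrong when the data lives in several systems. The following is an added example, not code from the original post: a small Python module that works on constructed in-memory dictionaries standing in for a shop’s customer table, newsletter list, analytics events and orders. The store names, field names and sample records are assumptions for illustration; a real shop would run the same logic against its database and its third-party tools, and would also have to reach any backups that still hold the customer.

```python
import json
from copy import deepcopy
from typing import Optional

# Constructed sample data standing in for the separate systems a small shop
# runs: the customer table, the newsletter list, analytics events and orders.
SAMPLE_STORES = {
    "customers": {
        "alice@example.com": {"name": "Alice", "phone": "+1-555-0100", "gender": "f"},
        "bob@example.com": {"name": "Bob", "phone": "+1-555-0101", "gender": "m"},
    },
    "newsletter": {"alice@example.com": {"opted_in": True, "ts": "2018-05-25"}},
    "analytics": [
        {"email": "alice@example.com", "page": "/cart"},
        {"email": "bob@example.com", "page": "/"},
    ],
    "orders": [
        {"id": 1001, "email": "alice@example.com", "total": 42.0},
        {"id": 1002, "email": "bob@example.com", "total": 9.5},
    ],
}

# Step 7 (data minimisation): the only fields a registration form may keep.
# This allow-list is an assumption; adjust it to what your store truly needs.
ALLOWED_FIELDS = {"email", "name", "password", "phone"}


def fresh_stores() -> dict:
    """Return an independent copy of the sample data so each run starts clean."""
    return deepcopy(SAMPLE_STORES)


def minimise_registration(form: dict) -> dict:
    """Drop every submitted field that is not on the allow-list (e.g. gender)."""
    return {k: v for k, v in form.items() if k in ALLOWED_FIELDS}


def record_consent(consent_store: dict, email: str, checkbox_value: Optional[str]) -> bool:
    """Step 4: consent is True only when the customer actively ticked the box.
    A missing or empty form value is treated as no consent."""
    opted_in = checkbox_value == "on"
    consent_store[email] = {"opted_in": opted_in}
    return opted_in


def export_customer_data(stores: dict, email: str) -> str:
    """Steps 1-2 (right of access): gather everything held about one customer,
    from every store, as a JSON document the customer can be handed."""
    bundle = {
        "profile": stores["customers"].get(email),
        "newsletter": stores["newsletter"].get(email),
        "analytics": [e for e in stores["analytics"] if e["email"] == email],
        "orders": [o for o in stores["orders"] if o["email"] == email],
    }
    return json.dumps(bundle, indent=2, sort_keys=True)


def erase_customer(stores: dict, email: str) -> dict:
    """Step 3 (right to be forgotten): remove the customer from every store and
    report how many records each store dropped, so a store you forgot to wire
    in shows up as a missing key rather than silently keeping the data."""
    removed = {}
    removed["customers"] = int(stores["customers"].pop(email, None) is not None)
    removed["newsletter"] = int(stores["newsletter"].pop(email, None) is not None)
    for name in ("analytics", "orders"):
        before = len(stores[name])
        stores[name] = [r for r in stores[name] if r["email"] != email]
        removed[name] = before - len(stores[name])
    return removed


def mentions(stores: dict, email: str) -> int:
    """Verification after erasure: count remaining references to the address
    anywhere in the serialised stores. Anything above zero is a leftover."""
    return json.dumps(stores).count(email)


if __name__ == "__main__":
    stores = fresh_stores()
    print(export_customer_data(stores, "alice@example.com"))
    print("removed per store:", erase_customer(stores, "alice@example.com"))
    print("remaining mentions:", mentions(stores, "alice@example.com"))
```

The per-store counts returned by `erase_customer` and the `mentions` check are the part worth keeping in a real implementation: they turn “we deleted the customer” into something you can verify, and they make it obvious when a newly added tool (a second analytics provider, a support desk) has not been added to the erasure path.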
Helpful GDPR Resources:
- EUGDPR.org — check this official resource for detailed information about General Data Protection Regulation.
- GDPR: 12 steps to take now — 12 steps you can take now to prepare for the GDPR.
- Getting ready for the GDPR checklist — tests to check your website readiness for GDPR.