As an online seller, if you are selling to any EU countries, you should already be familiar with the GDPR, or General Data Protection Regulation. If not, it is high time you learned about it and prepared your store to comply with it.
What is GDPR?
One of the most radical changes affecting online businesses in 2018 will be the European Union General Data Protection Regulation (GDPR). This new and unified approach to personal data protection gives EU citizens a lot more control over their personal data.
Perhaps the biggest change in the GDPR is redefining what personal data is and how it should be handled. Under the new regulation, personal data is defined as any information that can be used to directly or indirectly identify a person.
This far-reaching definition includes:
A person’s name
A person’s photo
An email address
A mailing address
A user’s IP address
The GDPR was first adopted on 27th April 2016. It becomes enforceable on 25th May 2018, after a two-year transition period given to businesses to adapt to the changes.
The essence of the GDPR concerns the following three areas:
i) Get consent: the user must agree to get marketing campaigns from you.
ii) Provide adequate protection: you must protect the user’s personal data adequately.
iii) Delete, correct, or restrict when asked: if the user requests that you delete, correct, or restrict the personal data you have, you must comply.
i) On the register/sign-up page:
As mentioned earlier, if you intend to send promotional emails (which you should do) to someone who registers on your store, you should obtain their consent first.
Here are some examples of what you can do on your registration page.
OTTO’s registration page has a checkbox to opt in to promotional emails.
ii) On the checkout page:
On the customer information page, below the input box for email, there’s a default checkbox for opting in to newsletters and offers. You should keep that unchecked by default to comply with the active consent policy of GDPR.
iii) If you are collecting email addresses at any other place on your store:
If you are collecting email addresses anywhere on your website and send more emails than the user signed up for, then to comply with GDPR, you need to obtain consent for the additional emails.
For example, OTTO has an opt-in for the newsletter in its footer. Here they have clearly stated the following:
i) All the emails the user may receive.
ii) From whom (the company name) they will receive it.
iii) How the user can revoke the consent.
iv) Get consent from the existing contacts in your list:
Now that you’ve updated your forms to comply with GDPR, you’ll be able to collect consent from new contacts. But you still need your existing contacts to opt in to your marketing permissions. The best way to do this is to send a campaign to each list affected by the GDPR.
v) Respect the consent:
It’s not only about having the option to get consent; you actually need to respect it. Make sure your list is tagged properly so that you can easily create segments depending upon the consent and send emails accordingly.
Major email service providers like MailChimp and Omnisend have already started adopting the changes and have built systems in accordance with GDPR.
2) Get consent for storing data using cookies:
As an online store owner, you are most likely using cookies on your store. Cookies are mainly used to store users’ data for different purposes, like a personalized shopping experience or retargeting users on different channels like Facebook or YouTube.
If you are not obtaining consent yet, it’s time to set this up.
Compliance with the cookie law comes down to three basic steps:
i) Work out which cookies your site uses with a cookie audit.
iii) Obtain consent from EU users for using cookies. There are plenty of apps, like EU Cookie Bar by Booster Apps, which you can use to set this up very easily.
The main focus of the General Data Protection Regulation (GDPR) is the protection of personal data and digital privacy.
The whole world, including you and me, is concerned about the privacy of our personal data. With GDPR, the EU is the first to take the initiative to safeguard its residents’ interests. There’s no doubt that more countries will follow the path and bring their own regulations in line with GDPR.
It’s time for you to prepare your store for GDPR now. In the long run, it will be beneficial to your business in many ways.
If you have any questions regarding GDPR compliance for online stores, please comment below.