GDPR – checklist to prepare your eCommerce

Care to share?

The GDPR is the biggest change in privacy policy law in decades. It affects the whole European Economic Area and worldwide online markets. The goal is simple: to return control over personal data to your customers. This concerns the whole eCommerce market. Let’s check if your online business is ready for this change.

Download FREE GDPR Compliance Checklist for eCommerce

GDPR quick overview 

The new regulations, published by the European Parliament in May 2016, are currently one of the most important topics worldwide. All concerned organizations have had two years to understand the new laws and ensure compliance. Now, this period is coming to an end.

The General Data Protection Regulation (GDPR) focuses on the protection of data of anyone in the EU. The most important changes are: the right to access, the right to be forgotten, the right to portability, the right to consent and breach notifications within 72 hours. The effective date for GDPR is May 25, 2018. After that, organizations with customers in Europe must ensure compliance.

GDPR full form:
Deadline: May 25th, 2018

What is GDPR compliance?

The GDPR acts as a best-practices guide. The regulation doesn’t explain explicitly how you must prepare. This can be different in each organization. In the case of eCommerce business, we observe that many of those best-practices have become standard solutions, so there is a good chance that you already have most of the needed solutions.

However, the penalties for non-compliance are extremely high (€20 million or 4% of their annual global turnover), so it is smart to review all procedures and solutions in your eCommerce and run a GDPR risk assessment.

GDPR checklist

To help you prepare, we have developed this practical GDPR Compliance checklist for eCommerce – use it to assess your eCommerce activities and find out which areas you need to focus on. This checklist is a free guide, suitable for all online businesses.

The greatest thing is that you can use the GDPR Compliance checklist for eCommerce by yourself. Simply go through the following seven areas and find those that you are prepared with and those you need to focus on and take action.

GDPR - simple checklist seven areas

  1. Data access – Recording of each attempt to read personal data.
  2. Collected data – Limiting the collection of data to what we actually need.
  3. Consent from users – Keeping full transparency on the user’s consent.
  4. Data profiling and external software – Informing the user to whom his data is being transferred, with special attention to external software. Obtaining the user’s agreement for profiling.
  5. User possibility of being forgotten – Being ready to delete all user data from a database upon request and providing the complete history of how the data was processed.
  6. Integration and transfer of data – Obtaining a user’s consent for personal data transfers and being ready to inform users about those transfers, with special attention to the use of external software.
  7. Data administrator procedures – Working out procedures at the organizational level that meet the requirements of the GDPR.

Compliance with the GDPR for non-European companies (e.g. United States, Canada) is the same as for European companies. No matter where your company is – if you provide products or services to European citizens, you must take steps to provide security and clarity to personal data protection and respect all rights of the clients.

New chances for your business

Perhaps you will need to adjust your solutions to give customers greater control over their data and access to information on who collects and processes their personal data, what it is used for, and how it is kept safe. This may require some effort and expense at the start, but in the long-term, enforcing the GDPR best practices can be beneficial for your business.

Online shopping is one of the most popular online activities undertaken by customers worldwide. The GDPR unifies personal data policies in all 28 EU members states. This means that after the date of May 25th, all companies that comply with the new laws gain new opportunities to operate across the EU.

The GDPR is the first such comprehensive change in personal data regulations worldwide. It will probably become the starting point for many other countries willing to adjust their data protection laws (via data protection bill) in the future.

Published April 17, 2018