The landscape of data protection has changed forever with the introduction of GDPR, the General Data Protection Regulation. Following many years of EU attempts to update data protection law to suit the shifting needs of the 21st century, GDPR has now replaced the Data Protection Act of 1988 and seeks to give people control over how companies use their data. It also brings hefty fines and penalties for organisations that don't comply with the new rules. GDPR applies not only to companies based within Europe but also to those with customers within Europe, so it is particularly relevant to ecommerce retailers, who can sell around the world. GDPR officially takes effect on 25th May 2018. But how can online retailers make sure they are ready for this latest legislative development?
Appoint a Data Protection Officer
Depending on the scale of your business, it may be worth appointing a member of staff whose role is solely dedicated to ensuring customer data is safeguarded in the digital space. This tech-savvy position may seem like an unnecessary extravagance, but if they are able to guide you towards compliance, you are better placed both to avoid possible litigation and to enhance your profile as an ethical and trustworthy company.
Ask for permission
The new data protection law may require you to ask for customer consent where data is concerned more often than companies have previously been used to. Your permissions may also need to become more comprehensive, covering everything from access and storage to export of all potentially sensitive information.
Check partnered firms are compliant
If you are currently using any third-party applications to help run your ecommerce platform, it’s vital these, too, are compliant with the current legislation.
Train staff in GDPR
Ensuring your workforce is knowledgeable about the implications of GDPR is essential for a smooth transition and continued compliance. Begin with key staff members who work directly with data, but make sure even those who don't have a basic overview, so they can in turn help the team remain compliant.
Keep detailed records of all your data processing and of every consent you obtain, and deactivate any default opt-in. GDPR requires full and explicit consent for data usage, along with a right to be forgotten, so pre-checked consent boxes are no longer acceptable. A rigorous review of your data usage will ensure you are in great shape when GDPR takes effect.