By 25 May 2018, ecommerce sellers will have another EU regulation on their hands, the General Data Protection Regulation (GDPR). To learn how it’ll impact your business and what you can do to prepare for it, read on…
The GDPR in a Nutshell
Essentially, this is a new data privacy law, the most comprehensive one to date. (Here is where you can dig into all the details about it). But the summary of it is this: the data you collect on your customers must be stored securely, be collected on an opt-in basis only, be used only with their consent, and be made available to them if they request it. The aim is to make things more transparent to users, and to introduce new fines on sellers who breach the GDPR. If you use your customers’ data for things like marketing and advertising, read on because this will likely affect you.
What Actually Qualifies as Data
‘Data’ can cover a pretty broad range of things, but it typically means anything that can be tied to an individual customer. For example, an account created on your site or an email address used to purchase things would be considered data, as would things like their payment info, past purchases and shipping address(es). It even includes things like IP addresses, even though on their own they don’t name an actual person.
The Impact This Will Have on Your Business
Let’s say one of your customers emails you for their data. Under the GDPR, you have one month to provide them with that information. Before, the Subject Access Request (SAR) meant they’d have to pay money for that, but not anymore. Now, they have the right to ask for that for free and get it.
And if they decide they want to stop shopping with you and don’t want you to hang onto their data for whatever purposes you might be using it for, you’re obliged to delete it and inform them.
Sounds pretty straightforward, right? It’ll require a bit of extra work for you, but it’s manageable. But have you thought about all the different hands that touch your customers’ data? What about courier services or shipping companies who have data like your customers’ names and addresses? What protocols do they have in place to comply with the GDPR?
Things get a little more tricky with that, but it’s important to comply. Failure to do so could result in fines of up to €20 million or 4 percent of annual turnover from the previous year, whichever is greater.
If You Think You’re Not Covered By the GDPR
Some sellers reading this will think, ‘Ah, that’s alright. I don’t live in America, so this doesn’t apply to me.’ But that might not be entirely correct. If you collect the data of anyone living in the EU, you need to comply with the GDPR. Brexit makes things a bit trickier, so starting now will give you more time to sort things out.
Steps You Can Take to Get Ready
- Get in touch with an IT company to handle the details for you. It might be tough for you to cover all your bases legally, and using a firm that specialises in this can make things easier for you.
If you decide to do it yourself:
- Offer a clear section where customers consent to their data being collected and used, along with an explanation of what that entails and what you’ll do with it. A typical solution would be to have a checkbox (unchecked by default!) beside a statement such as ‘I consent to having my data collected’, with an asterisk leading to a lengthier paragraph at the bottom of the page.
- Review if you have to update your privacy policy to include the new regulation and what it specifies, and whether or not you have to amend the disclosures you make to your users.
- Make sure you have security measures in place to keep your site secure, if you have your own site. If you sell only on Amazon, you can skip this step. They have extensive security measures in place and will have amended things to fall in line with the GDPR.
- Speaking of security, is your customers’ data stored in a database where it can be easily looked up and deleted? Try running a mock access and erasure request on your own account to get familiar with the process, and check whether the data has truly been erased everywhere it was stored.
- Consider hiring a white hat hacker to try to breach your system and expose weaknesses you can then shore up. If you do have a data breach, you’ll have to inform your customers within 72 hours, and they’ll likely expect a solution in far less time than that.
- Show your plan to a lawyer to make sure you’re in full compliance with the GDPR before you fully make the switch.
Win the Buy Box with RepricerExpress
The GDPR won’t take effect for another few months so you still have time to sort things out. While you do that, use the time in between as an opportunity to fine-tune your pricing game by using RepricerExpress. You don’t even have to wait to get started! Sign up now and get the first 15 days absolutely free.
Subscribe to our newsletter for pro tips for selling on Amazon.