GDPR. General Data Protection Regulation. What is it? What do I need to know? What should I do? These are all questions which we are hearing more and more frequently as we come closer to May 25th which is when this new law will come into effect.
As an eCommerce agency, our focus is on what this means for our customers, all of whom are Australian-based eCommerce stores and almost all of whom dispatch orders overseas.
After a lot of online reading and researching and struggling to find the answers our customers need, we decided to collate our findings and recommendations for our partners into one simple blog post.
Let’s start from the top. What is GDPR?
The EU is implementing a new privacy framework to protect the data of EU citizens regardless of their actual location. Data means their names, email addresses, order history, newsletter preferences, so on and so forth. Basically, any data you have collected from your EU customers will now fall under the jurisdiction of the GDPR. This Act will essentially give all the power back to the customer in terms of where their data is stored, how it is used and how they remain in control of it. Any requests the customer makes of you, the merchant, must be completed within 30 days in order to avoid a non-compliance fee.
What do I, the merchant, need to know?
If you are an eCommerce store dispatching orders and/or marketing to the EU, this affects you. To remain compliant, you must make it completely crystal clear to your customers how you collected their data, what you use it for and how they can opt out at any time.
You will be expected to put extremely high safeguards in place to ensure your customers' data is protected. If you haven’t already, you might like to consider adding Two-Factor Authentication sign-ins to your email marketing platform sign-in and eCommerce Admin.
So, what should I do?
It is of paramount importance that you do not collect any data without express permission from your customers. For example, make sure none of your check boxes are pre-ticked and make sure you are very clear about what your customers are signing up to.
Can you give that to me as a checklist?
Sure. Here’s what we’d do if we were you:
- Review your website sign-up points from start to finish. List out every pop-up, every sign-up box and every opt-in which captures a customer's email address.
- This one is probably the most important. Make absolutely sure that no check boxes are pre-selected. From now on, your EU customers must tick all boxes themselves to agree to sign up or to acknowledge your Ts and Cs.
- Check that you have an easy “unsubscribe” link at the bottom of your EDMs so your EU customers can opt out at any time.
- Review the wording on your Abandoned Cart emails and make sure your EU customers are informed on how you captured their email if they did not provide it and how they can remove themselves from the list.
- Set up a CMS Page on your site with an updated Privacy and Data Policy. Make it clear to your EU customers where their data is captured on your website and what you use it for.
- Consider sending an EDM to your EU customer base with links to your updated Privacy and Data Policy and steps for them to follow if they want to update their preferences.
Let us help! Contact us today.