What you need to know about GDPR for your online business
The EU General Data Protection Regulation (GDPR) becomes enforceable this May (25 May 2018) after a two-year transition period. It governs data protection and individuals’ privacy within the EU, as well as the export of their personal data outside the EU. Its key aim is to give individuals back control over their personal data, and it also unifies data protection regulation across the EU. It affects any company that processes or stores the personal data of people in the European Union, so what does this mean for your online business?
The legislation will have an impact on pretty much any company that is based in Europe or has customers in Europe. GDPR gives people the right to access their personal data, correct it, delete it and restrict processing of it, and it sets strict rules on how you are allowed to obtain customers’ consent to use their data.
This matters even more if you use customer data for anything beyond fulfilling orders, for instance marketing or advertising. It is also your responsibility to protect their data and to ensure that they can exercise the rights they have been given over it.
When we talk about the personal data collected on websites we usually think of name, email address, telephone number, physical address and possibly order history. There is, however, a lot of other visitor or customer data that is often collected, such as IP addresses and the cookies used for AdWords, conversion tracking, remarketing and analytics. GDPR treats online identifiers such as IP addresses and cookie IDs as personal data, so all of these fall under the legislation too.
Things to consider regarding GDPR
If you are an online business with customers in the EU then the new GDPR legislation will almost certainly have some kind of impact on you.
Some things you should be considering are:
- Whether you need to appoint a Data Protection Officer and/or conduct documented Data Protection Impact Assessments (DPIAs)
- Whether you need to update your privacy policy or change any disclosures you make to customers
- Whether the third-party applications you use on your website comply with the new legislation
- Whether you need to change how you obtain permission from your customers to use their data
- Whether you can effectively enable your customers to exercise their rights over their personal data
This is obviously a simplification of what the legislation contains, and it is important that you properly familiarise yourself with the GDPR requirements. You can read more in-depth information about the legislation at the GDPR information portal.
If your business handles a lot of customer data, and particularly if you use it for marketing or advertising, it is also a good idea to discuss it with your lawyer or a GDPR expert to ensure that you comply adequately with the legislation. Ignorance is not a defence.
If you found this information useful, you will also find plenty of other information on our blog.