Y 
The GDPR (General Data Protection Regulation) is coming into effect on the 25th of May and all manner of businesses are trying to work out what it means for them. From nurseries to online retailers, businesses are working hard to ensure they are compliant.
Once GDPR comes into force, it will be the most wide-ranging data privacy law on the planet, and it will affect how organisations big and small store, collect and handle data.
So, let’s take a look at how GDPR will impact e-commerce.
More Rights
When GDPR comes into full effect, European citizens will have many more rights when it comes to their personal data. They will have the right to correct, restrict, access and delete any data that a company may hold on them.
If you’re using data for advertising and marketing purposes, then users must specifically give their consent for this. Any business must list all and any third parties that may have access to a customer’s data. For big data and targeted marketing, this could mean huge changes in how things are done.
Alongside this comes the ‘right to be forgotten’. This translates to giving customers the enshrined right to delete any information a company may hold on them, in full and with no exceptions. And this process must be easy to do and clearly defined.
New Responsibilities
For those retailing via e-commerce, all of this means new responsibilities to customers and putting their data policies in line with GDPR.
In the case of a data breach, for example, online retailers need to have procedures in place and ready to do. They must report the breach to the ICO (Information Commissioner’s Office) and any affected customers within 3 days. For smaller concerns this may be a huge undertaking, so it is vitally important to be prepared ahead of time.
Large fines are also part of GDPR, levied against businesses that don’t store their data securely or misuse it. 4% of annual revenue is one punishment for failure to comply, which is a huge amount for small and big concerns.
Large e-commerce platforms like Shopify are already hard at work ensuring they are compliant, but individual merchants are still responsible for collection and safe storage of customers’ data.
For those worried about the new law, and wondering if they are compliant, the ICO has put together an online resource on how to comply and get a handle on this new era of data protection.