General Data Protection Regulation E-Commerce


The European Union’s General Data Protection Regulation (GDPR) comes into effect on 25th May, 2019. What is the GDPR? Is it going to affect you? What does it mean for the E-commerce industry? Let’s find out.

What is GDPR?

The GDPR is a regulation passed by the EU to protect the privacy of its citizens. It makes it compulsory for businesses to protect and safeguard the personal data of EU citizens in any and all transactions which take place within its member states. Non-compliance will cost the offending company heavily. The regulation covers all kinds of customer data: IP addresses, social media posts, pictures, bank details and any important identification numbers such as NI or SSNs. Regardless of where the data originated, it must be used only with the customer’s permission, stored safely and safeguarded, and collected only on an opt-in basis.

What kind of companies does it affect?

Contrary to what most people think, you do not need to be operating within the EU or have a business presence within its geographical boundaries to be affected by the GDPR. If your company, wherever it operates, stores or manages personal data about EU citizens, it must comply with the GDPR. In fact, a recent survey by PwC revealed that 92% of companies from the USA will be affected by the GDPR and consider it a very important data protection priority.

Another survey, conducted by Propeller Insights and sponsored by Netsparker Ltd., asked executives which industries would be most affected by the GDPR. Most (53 percent) saw the technology sector as the most impacted, followed by online retailers (45 percent), software companies (44 percent), financial services (37 percent), online services/SaaS (34 percent), and retail/consumer packaged goods (33 percent).

GDPR and E-Commerce

The cost of non-compliance is extremely heavy for SMEs, and a mistake with customer data simply cannot be afforded. Fines can go up to 20 million euros, or 4% of a company’s total annual revenue, all of which reinforces the simple fact that, in today’s day and age, data must be safeguarded and stored securely. For E-commerce businesses, this means greater accountability for how and where they store their data, and for companies using third-party software partners, that data may in fact be stored at multiple locations. For e-commerce businesses like these, encryption should be the first and foremost priority, and strict rules on data access should be enforced.

If your company is operating in the cloud, the transition might be a bit more seamless for you. Large companies like Shopify have an advantage in becoming 100% compliant, as they had the resources to start modifying their business processes as soon as the regulation was announced about a year ago. If your e-commerce business uses in-house servers or you have invested in custom software to manage your data, then you will need a team to test and audit your systems for any weaknesses, and then take action accordingly to safeguard your data and ensure your firewall is impenetrable. However, the most important facet is receiving consent from all your customers and using their personal data in a GDPR-compliant way.