As of May 2018, a new data protection regulation will apply to all companies which offer products or services to customers in Europe. It does not matter if it is a large company or a one-employee business: the General Data Protection Regulation applies to all. Moreover, it is not dedicated specifically to e-store owners. It also applies to the tools they use on a daily basis: Google, Facebook, marketing automation platforms and e-mail marketing services.
What is GDPR all about?
The General Data Protection Regulation (GDPR) ensures the protection of natural persons with regard to the processing of personal data, and the free movement of such data, within the European Union. But what do the new laws mean for e-commerce?
The regulation aims to set a new standard of data protection. Proper use of personal data can help maintain trust between consumers and businesses and institutions. The new rules will affect companies that operate in many sectors and countries. They apply to every organization that offers products or services to European customers, even if it is located outside the territory of the European Union, e.g. in China or the United States of America.
For e-commerce businesses, the crucial changes involve the handling of personal data and the specific ways of presenting the data protection policy on websites. This includes: consent requests separated from other terms and conditions, active opt-in, and collecting only data that has a strictly specified business value. The goal is to ask the right questions regarding only the necessary information, inform users about the usage of their personal data and allow them to withdraw their consent at any time. If there is a possibility that the gathered data will also be used by third-party organizations, it is necessary to mention their names. Even detailed descriptions of the fields they operate in will not be sufficient according to GDPR.
There are good practices in user experience design that take into consideration all those changes. The information about collecting personal data should be visible and clear from the first moment that the user enters the page. General consent should be divided into smaller sections allowing users to make decisions.
How to prepare for GDPR?
This is the last moment to make adjustments to comply with the mentioned regulations. Where to start? The first step should be performing a professional website audit. The next steps should be planned based on the findings. They may include creating a new personal data protection policy and presenting it accordingly, implementing changes in user experience design and service structure, as well as defining a new strategy for gathering and using people’s data.
Sii experts face challenges like this on a daily basis. Our cross-competence teams support partners from the Nordics and the DACH region in analyzing and adjusting web applications or e-commerce solutions to the new requirements. Following regulation changes, we can perform website audits, offer professional counseling and assist in the implementation process.