by Tom Shackleton

In May 2018, the General Data Protection Regulation will come into force in the UK. As the biggest change to data protection regulations since the Data Protection Act in 1998, there’s no doubt that GDPR will mean changes for your eCommerce business.

May 2018 may seem like a while away, but you’ll have to make changes to your policies, procedures and the way you handle customer data if you’re to be ready when it does arrive.

With the help of digital law experts Berwins Solicitors, we’ve looked at exactly what GDPR means for eCommerce stores around the country, and gained some insight into exactly what you should be doing to prepare right now.

Here’s what GDPR means for your eCommerce business.

So What Exactly Is GDPR?

Firstly, it’s important to understand exactly what GDPR is, and where it came from.

The General Data Protection Regulation is a piece of EU legislation that will take effect across the continent. Despite Brexit, it will still be put in place here in the UK before we leave the EU, and will probably remain in force afterwards, according to Berwins:

“It is highly likely that this will be in force in spite of and ahead of Brexit, and will probably remain in force after because it would be hugely damaging to UK business if it weren’t.”

In the UK, GDPR will update the 20-year-old data protection regulation currently in place, and will make legislation much more suitable for a modern, digital world. This means the implications for eCommerce are likely to be significant.

What Are the Implications for eCommerce?

GDPR will have an effect on many different businesses across different sectors, and eCommerce is no different. If you’re to prepare for the enforcement of GDPR, you’ll need to take note of these key implications:

You’ll Need Clear Consent for Marketing

Sending email marketing is likely a key part of the marketing strategy for your eCommerce business, and GDPR means you’ll have to be much clearer about obtaining consent from customers.

To meet new regulations, your requests for marketing consent need to be:

  • Unbundled so that consent is separate from terms and conditions.
  • Opt-in so that consent boxes are not automatically ticked.
  • Granular so that different marketing activities can receive separate consent.
  • Named so that all third parties are specifically mentioned.

As well as requiring clear consent, GDPR gives customers the right to be forgotten, so you need to make it easy for them to withdraw consent or delete their account altogether.

Time to Shape Up Your Data Protection

GDPR means that your data protection procedures need to be much stricter. According to Berwins, you have more responsibility for data protection and may have to appoint a data protection officer.

“You will have to appoint Data Protection Officers whose first duty is to whistleblow. This will be a burden on business of that there is no doubt. But the weight of obligation should put some brake on the leaking of data.”

As well as having higher responsibility, you’ll also need to take another look at your privacy policy. We’ve all seen impenetrable policies that are difficult to make sense of. When GDPR comes into force, your policy will need to be clear, easy to understand and written in plain English.

There’s a Threat of Higher Fines

All of this extra responsibility also brings with it the threat of higher fines, should you get things wrong.

The UK’s ICO has already started enforcing higher fines for businesses who don’t meet current regulation, and this can only be expected to accelerate come May next year.

If you don’t protect customer data on your eCommerce store, you could be hit with fines of up to €20 million or 4% of turnover, so getting your preparation for GDPR right is essential.

What Should Be Your Next Step?

GDPR will mean big changes to the way your eCommerce business handles data protection. Conducting thorough research and arming yourself with the implications is important, but professional advice is also key for getting your preparations right.

You need to understand exactly what your business’s responsibilities will be, or risk falling afoul of the new legislation.

Don’t take risks with GDPR, and make sure you take professional assistance on board.

If you’re looking for professional assistance with preparing for GDPR, why not find more information on the services that Berwins Solicitors offer, or get in touch with us here at Statement if you’re currently embarking on a refresh of your online store?
