Go through the GDPR Checklist for eCommerce and check to what extent your eCommerce site meets the GDPR requirements.
About the GDPR
The new General Data Protection Regulation (GDPR) determines how your eCommerce business operates from 25th May 2018. There are big changes on the way. Your business will need to manage, administer and protect personal data whether you work in B2B or B2C marketing.
Learn more about GDPR.
What happens if you fail to comply
Supervisory authorities will have the ability to fine organisations €20 million or 4% of their annual global turnover, whichever is greater. But it would take a serious violation of the Regulation for a fine to come close to that figure, and the ICO reassures us that fines will be a last resort.
30 days of business suspension – this is the other scenario that may occur upon failure to comply. Supervisory authorities can perform a detailed audit of your data protection procedures and ban you from processing personal data for up to 30 days, which in practice will result in the suspension of your business.
Get ready for GDPR
If you still have not done a risk analysis, then you don’t know exactly to what extent your site meets the GDPR requirements. Simply go through the list and check the requirements with which you comply to make the first step. The more checkmarks, the more prepared you are. Fewer checkmarks? Find out which areas you need to focus on and take action. Of course, you can always use specialized services like ours to implement all the required changes effortlessly.
Database access
This area covers the recording of each attempt to read personal data, regardless of how it is done, e.g. reading directly from the database or through the Administration Panel.
Collected data
To protect the user’s interests, we must limit the collection of data to what we actually need.
Consent from users
The GDPR requires full transparency when it comes to collecting user consent and enforces the principle of one request for consent – one checkbox.
Data profiling and external software
The GDPR requires the user to be informed to whom their data is being transferred, so special attention should be paid to how personal data is transferred using external software. In addition, the user must agree that data regarding their behavior can be profiled or analyzed.
The possibility of being forgotten
The GDPR requires that a user’s data be forgotten, i.e. deleted from the system, at the user’s request. The scope of data removal is 100%. At the user’s request, it is also necessary to provide them with the complete set of data that we hold about them, along with the history of how the data was processed, to whom it was shared, etc.
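As an added example (not part of the original checklist), the following hypothetical data-access layer puts the two requirements above into code: every read of personal data is recorded with who read it and through which channel, a subject access request returns the data held together with that access history, and an erasure request removes both. All class and method names are assumptions for illustration.

```python
"""Added example: a minimal personal-data store that records every read,
answers subject access requests and performs full erasure. All names are
hypothetical and the sample data below is constructed."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional


@dataclass
class AccessRecord:
    when: str            # ISO-8601 UTC timestamp of the read
    actor: str           # who read the data (staff account, service name)
    channel: str         # how it was read, e.g. "admin_panel", "sql_console"
    fields: List[str]    # which personal-data fields were returned


@dataclass
class Subject:
    profile: Dict[str, str]
    history: List[AccessRecord] = field(default_factory=list)


class PersonalDataStore:
    def __init__(self) -> None:
        self._subjects: Dict[str, Subject] = {}

    def register(self, user_id: str, profile: Dict[str, str]) -> None:
        self._subjects[user_id] = Subject(profile=dict(profile))

    def read(self, user_id: str, actor: str, channel: str,
             fields: List[str]) -> Dict[str, str]:
        """Single entry point for reads: the access is logged before any data leaves."""
        subject = self._subjects[user_id]
        subject.history.append(AccessRecord(
            when=datetime.now(timezone.utc).isoformat(),
            actor=actor, channel=channel, fields=list(fields)))
        return {f: subject.profile[f] for f in fields}

    def export(self, user_id: str) -> Optional[dict]:
        """Subject access request: data held plus who read it, how and when."""
        subject = self._subjects.get(user_id)
        if subject is None:
            return None
        return {"profile": dict(subject.profile),
                "access_history": [vars(r) for r in subject.history]}

    def forget(self, user_id: str) -> int:
        """Erasure request: drop profile and access history; returns records removed."""
        subject = self._subjects.pop(user_id, None)
        if subject is None:
            return 0
        return 1 + len(subject.history)
```

In a real deployment the access log would live in append-only storage that the application account cannot modify, and reads through the SQL console would be captured by database auditing rather than application code.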
Integration and transfer of data
The GDPR requires the user to be informed to whom his data is being transferred, so special attention should be paid to how personal data is transferred using external software. The user must agree to the transfer of their personal data.
Data administrator procedures
Work out procedures at the organizational level that meet the requirements of the GDPR. Examples below:
If you are not sure, just get in touch with us. Our business consultant will find out which areas you need to focus on and show what action we can take to implement all the required changes effortlessly.
Published January 4, 2018