No one on the internet can escape 2018’s latest buzzword: GDPR.
The EU’s sweeping new legislation, General Data Protection Regulation (GDPR), will take effect on May 25, 2018. Although the regulation aims at protecting the data privacy of EU citizens, it affects businesses worldwide. If you run an eCommerce business, regardless of where you are, chances are you’ll have to prepare for the legislative changes.
Most American businesses — even the regulators themselves — aren’t ready for GDPR at all. However, businesses with any kind of online presence should catch up with the compliance details as soon as possible to avoid being slapped with an enormous fine.
If you run an online business with BigCommerce, here’s everything you need to know about GDPR in a nutshell.
What is GDPR?
GDPR is a new law that dictates data privacy by regulating the ways companies collect and store consumer data. Through the establishment of stricter rules, EU citizens essentially have more control over their personal data, such as their names, addresses, credit card numbers, and even photos.
If any EU resident visits your website, you’re obligated to ask for an opt-in consent before you can collect, use, or store the customer’s data.
Violating GDPR can result in a fine up to $24 million or 4% of your company’s global revenue.
Is Your eCommerce Business Affected by GDPR?
You may think GDPR won’t affect your US-based business because it’s an EU regulation protecting EU citizens only. The truth is, GDPR can apply to your company if it has any interaction with people residing in Europe – even if it’s just one customer.
Small eCommerce businesses with fewer than 250 employees will not have to comply with every GDPR requirement like the tech giants do. Nonetheless, the lengthy legislation encompasses enough details that will impact companies of all sizes.
What Do You Need to Do for GDPR Compliance?
Regardless of where your business is and how many employees you have, you should be aware of the general rules to GDPR compliance.
Repeat this to yourself: “opt-in consent.”
In the past, websites had pre-filled cookie consent forms where people were simply informed of their browsing data being collected. GDPR now requires individuals to opt-in before the websites are allowed to collect any data. This means customers will have to give a clear consent by manually ticking a box – no more pre-ticked checkboxes. The websites must then disclose which third parties may have access to their data, how they’ll be using it, and how long it’ll be stored.
The Right to Erase
GDPR demands the right “to be forgotten” for individuals who wish to have their personal data removed from a system. You have to make it easy for customers to edit their data or remove their consent for marketing activities. Such option needs to be easy to find. In other words, don’t make your customers jump through hoops to remove their data if that’s what they want.
Report Data Breach Within 72 Hours
Always secure your customer data If there’s any data security breach, you’re responsible for reporting it to the authorities and your customers within 72 hours. BigCommerce users can disclose a data breach to the Supervisory Authority of the platform.
Verify if Your Vendors are GDPR Compliant
If you use any third-party vendors or apps like live chat and product reviews, make sure these vendors are GDPR compliant because they also have access to your customer data.
Is BigCommerce Ready for GDPR?
As a leading eCommerce platform, BigCommerce has ensured its GDPR compliance before the regulation takes place on May 25th, 2018.
The platform has introduced the following measures to comply with the new regulations:
- Appointing data protection officer Christopher Beckett
- Keeping data processing records
- Assessing vendors
- Implementing privacy protocols like data breach response policies
For more details, please visit BigCommerce’s official webpage on GDPR.
The Information Commissioner’s Office (ICO) also provides a self-assessment checklist for data controllers to work through the steps of complying with GDPR. If you’re unsure whether your website is ready for GDPR, go through the checklist to assess your compliance.