If you are in the business world, by now you have heard about GDPR, the General Data Protection Regulation passed by the EU and UK and implemented on May 25th of this year. If you haven’t, it is well past time for you to check it out and make sure any sites you currently have are in compliance. The consequences of non-compliance can be debilitating, both financially and otherwise.
There is another aspect to the new rules though. What if you are starting a new ecommerce site this year? Whether you are just now starting to sell your products online and starting out with a brand new domain name or you are expanding your current offerings, here are some things you need to know about GDPR and starting a new ecommerce site.
Set Up the Right Foundation
When you build anything, you need to start with the right foundation, and that is especially true of an ecommerce store. There are a number of features that will not only be vital to your customers, but they will also help you be compliant with the GDPR regulations.
This means serving your site over HTTPS with a current TLS certificate issued by a certificate authority that browsers trust. A valid certificate keeps your site from turning users away with browser warnings about an invalid or expired certificate. This should be part of your hosting package, but you should check the site yourself in a browser and make sure every page, including checkout, loads securely.
Your site should also be mobile optimized. While not a part of GDPR security and privacy, it shows a customer that you care about their experience, and since most purchases and searches originate on mobile now it is simply a good idea. The Google AMP project has now expanded to include mobile first search results.
Also, for users to trust your site, it needs to be optimized for search engines. This lets both users and search engines know your site is legitimate and what it is all about. Users will be more comfortable agreeing to your new privacy policies and sharing their information with you.
Determine What Data You Can and Need to Gather
Part of the GDPR is that you as a business may only gather the information necessary to perform a legitimate function. So if you are building an email list, the individual’s first and last name and email address should be sufficient. If you want to run a survey to better tailor newsletters to their interests, you may do so, but you must first ask permission.
While this area is somewhat vague, the spirit of the regulation is that you should not gather and retain customer information without a legitimate reason to do so. While it is nice to build your database about your customers, you can easily do so with anonymized data rather than the personal information of your individual customers.
Remember, violations will be based on what it is reasonable to gather for your purposes, what you have permission to gather and use, and whether or not you have followed what is expressed in your privacy policies.
- What information will you gather? Even if the user logs in with a social media account, you need to tell them what information you will collect and what that login gives you access to.
Spread the News Far and Wide
This also brings you into the strictest compliance with GDPR. If you keep your privacy policies front and center, a customer will have a hard time saying they could not find them or did not see them. Whenever you update or change policies, send them out again. Display them with every purchase and checkout and every subscription.
Keep Up to Date
GDPR is just the beginning, and the origin of what are sure to be stricter privacy rules going forward. The UK and EU are simply first; other countries will follow their lead. Keep up to date with what comes next, and be sure you are always in compliance in every jurisdiction where you have a reach and sell goods.
The world of privacy is changing, and rules about personal data will evolve and change with it. Securing that data, protecting it, and being clear about how it will be used will not change. If you are starting an ecommerce store this year, be sure you and your policies are in compliance from the beginning and updated regularly.