GDPR and Starting an eCommerce Site

If you are in the business world, by now you have heard about GDPR, the General Data Protection Regulation passed by the EU and UK and in force since May 25th of this year. If you haven’t, it is well past time to check it out and make sure any sites you currently run are in compliance. The consequences of non-compliance can be debilitating, both financially and otherwise.

There is another aspect to the new rules though. What if you are starting a new ecommerce site this year? Whether you are just now starting to sell your products online and starting out with a brand new domain name or you are expanding your current offerings, here are some things you need to know about GDPR and starting a new ecommerce site.

Set Up the Right Foundation

When you build anything, you need to start with the right foundation, and that is especially true of an ecommerce store. There are a number of features that will not only be vital to your customers, but they will also help you be compliant with the GDPR regulations.

This means serving your site over HTTPS with a current TLS certificate issued by a certificate authority that browsers trust. An invalid or expired certificate makes browsers warn users away from your site before they ever see a product. The certificate should come as part of your hosting, but you should check the site yourself and confirm that the certificate is valid, covers your domain names, and is not about to expire.
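The check described above, as an added example that is not part of the original article: it inspects a certificate in the dictionary shape that Python's `ssl.getpeercert()` returns, flags expiry (or an expiry inside a configurable warning window) and a hostname the certificate does not cover, and can run the same check against a live site. The hostname `shop.example` and the certificate fields are constructed for the example.

```python
import socket
import ssl
import time

# Example added here, not from the article. The dict fields mirror what
# ssl.getpeercert() returns, so the same check runs on a live connection
# or on a stored copy of the peer certificate fields.

def _name_matches(pattern: str, hostname: str) -> bool:
    """Match a DNS SAN entry against a hostname; one leftmost wildcard label only."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        labels = hostname.split(".")
        return len(labels) > 1 and ".".join(labels[1:]) == pattern[2:]
    return pattern == hostname

def check_cert(cert: dict, hostname: str, now: float, warn_days: int = 14) -> list:
    """Return the problems found with a peer certificate dict; empty list means OK."""
    problems = []
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not_after <= now:
        problems.append("certificate has expired")
    elif not_after - now < warn_days * 86400:
        problems.append("certificate expires within %d days" % warn_days)
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(_name_matches(san, hostname) for san in sans):
        problems.append("hostname %s is not covered by SAN %r" % (hostname, sans))
    return problems

def check_live_site(hostname: str, port: int = 443) -> list:
    """Connect with a verifying context (system trust store) and run check_cert
    on the certificate the server actually presents."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((hostname, port), timeout=10) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                return check_cert(tls.getpeercert(), hostname, time.time())
    except ssl.SSLCertVerificationError as exc:
        return ["chain verification failed: %s" % exc.verify_message]

# Constructed sample in the shape of ssl.getpeercert(); not a real certificate.
SAMPLE_CERT = {
    "notAfter": "Dec 31 23:59:59 2030 GMT",
    "subjectAltName": (("DNS", "shop.example"), ("DNS", "*.shop.example")),
}

if __name__ == "__main__":
    print(check_cert(SAMPLE_CERT, "www.shop.example", time.time()))
```

`check_live_site` needs network access; `check_cert` runs offline on stored certificate fields, which makes it suitable for a scheduled expiry check.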

Your site should also be mobile optimized. While not a part of GDPR security and privacy, it shows customers that you care about their experience, and since most purchases and searches now originate on mobile it is simply a good idea. The Google AMP project has now expanded to include mobile-first search results.

Also, for users to trust your site, it needs to be SEO optimized. This lets both users and search engines know your site is legitimate and lets them know what it is all about. They will be more comfortable agreeing to your new privacy policies and sharing their information with you.

Determine What Data You Can and Need to Gather

Part of the GDPR is that you as a business can only gather what information is necessary to perform a legitimate function. So if you are building an email list, the individual’s first and last name and email should be sufficient. If you want to do a survey to better tailor newsletters and appeal to their interests, you may do so, but you must first ask permission.

While this area is somewhat vague, the spirit of the regulation is that you should not gather and retain customer information without a legitimate reason to do so. While it is nice to build your database about your customers, you can easily do so with anonymized data rather than the personal information of your individual customers.

Remember, violations will be based on what it is reasonable to gather for your purposes, what you have permission to gather and use, and whether or not you have followed what is expressed in your privacy policies.
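The data-minimisation rule in this section, as an added example that is not part of the original article: a form handler keeps only the fields a stated purpose requires plus optional fields the user has explicitly consented to, and an analytics step reduces order records to aggregates with no personal data, suppressing cells too small to hide a single customer. The purposes, field lists and sample records are assumptions constructed for the example.

```python
from datetime import date

# Example added here, not from the article. The purposes and field lists are
# assumptions chosen to illustrate the "collect only what you need" rule.
REQUIRED = {
    "newsletter": {"first_name", "last_name", "email"},
    "order": {"first_name", "last_name", "email", "shipping_address"},
}
# Optional fields a purpose may use, stored only with the user's explicit consent.
OPTIONAL_WITH_CONSENT = {
    "newsletter": {"interests", "birthday"},
    "order": {"phone"},
}

def collect(purpose: str, submitted: dict, consent: set) -> dict:
    """Keep the fields the purpose needs plus consented optional ones.
    Everything else in the form submission is dropped, never stored."""
    missing = REQUIRED[purpose] - set(submitted)
    if missing:
        raise ValueError("missing required fields: %s" % sorted(missing))
    allowed = REQUIRED[purpose] | (OPTIONAL_WITH_CONSENT[purpose] & consent)
    return {k: v for k, v in submitted.items() if k in allowed}

def anonymize_orders(orders: list, min_count: int = 2) -> list:
    """Reduce order records to country/month counts and revenue for analytics.
    No name, email or address survives, and cells with fewer than min_count
    orders are suppressed so a single customer cannot be picked out."""
    buckets = {}
    for order in orders:
        key = (order["country"], order["placed"].strftime("%Y-%m"))
        count, total = buckets.get(key, (0, 0.0))
        buckets[key] = (count + 1, total + order["total"])
    return [{"country": c, "month": m, "orders": n, "revenue": round(t, 2)}
            for (c, m), (n, t) in sorted(buckets.items()) if n >= min_count]

# Constructed sample data; not real customers.
FORM = {"first_name": "Ada", "last_name": "Lovelace", "email": "ada@example.com",
        "birthday": "1815-12-10", "interests": "math", "phone": "+44 0000"}
ORDERS = [
    {"email": "ada@example.com", "country": "GB", "placed": date(2018, 6, 3), "total": 40.0},
    {"email": "bob@example.com", "country": "GB", "placed": date(2018, 6, 9), "total": 10.5},
    {"email": "cy@example.com", "country": "DE", "placed": date(2018, 7, 1), "total": 99.99},
]
```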

Write an Effective Privacy Policy

This is where writing an effective privacy policy comes in. Your privacy policy needs to clearly outline several things. Fortunately there are templates online to help you write these policies, but you will need to edit them to meet your specific needs. Here are some key pieces.

  • What information will you gather? Even if the user logs in with a social media account, you need to tell them what information you will collect and what that login gives you access to.
  • What will you use the information for? When you gather information, your privacy policy needs to clearly outline what it will be used for, and what it will not. It is not enough to just say “we won’t use your information for spam and won’t sell your information to anyone.” Instead, you must be more specific about your intentions.
  • How will you protect the information you gather? Once you hold a person’s personal information on your site, even if they are just logging in to comment on your blog, you must protect that information. Your privacy policy needs to outline the security measures you have in place for doing so.

When running an ecommerce site, a big part of winning and keeping customers is to set yourself apart from the competition, and often the way you do this is through developing trust with your customers and potential leads. In many ways, your privacy policy tells them if they can trust you or not.

Spread the News Far and Wide

Make your privacy policy easy to find. Email it to all new email subscribers, customers when they check out, and even post it on your blog in the comments section. Make your privacy policy a central part of your website even if not everyone reads it. This makes it obvious that security and privacy are important to you and your company.

This also brings you into the strictest compliance with GDPR. If you keep your privacy policies front and center, a customer will have a hard time saying they could not find them or did not see them. Whenever you update or change policies, send them out again. Display them with every purchase and checkout and every subscription.

Keep Up to Date

GDPR is just the beginning, and the origin of what are sure to be stricter privacy policies going forward. The UK and EU are just first, but other countries will follow their lead. Keep up to date with what is next, and be sure you are always in compliance in any area where you have a reach and sell goods.

The world of privacy is changing, and rules about personal data will evolve and change with it. Securing that data, protecting it, and being clear about how it will be used will not change. If you are starting an ecommerce store this year, be sure you and your policies are in compliance from the beginning and updated regularly.
