The General Data Protection Regulation (GDPR) was approved by the European Parliament in April 2016 and comes into effect on 25 May 2018. It is the biggest and most important piece of European legislation on privacy and data protection in the last two decades.
GDPR applies to any business or organization that processes or stores the personal data of people in the EU, regardless of the country it operates from. The aim of the GDPR is to give individuals much greater control over their personal information and to force companies and organizations to take the handling and protection of their clients' personal data seriously. Fines for non-compliance can reach up to €20 million or 4% of a company's annual worldwide turnover, whichever is higher, so the GDPR is not to be taken lightly.
An individual’s rights under the GDPR
The General Data Protection Regulation (GDPR) seeks to establish eight rights for individuals regarding the protection of their personal data.
GDPR and our Customers
How can website owners prepare for the GDPR?
One of the most important issues the GDPR addresses is consent. Consent must be given through a clear affirmative action by the user; it can no longer be implied or inferred from her activity, or even from her inactivity.
The language used when asking for consent has to be simple and clear. The GDPR does not allow long, hard-to-understand texts. You must clearly state the purpose for which you need the individual's data, as well as how long you intend to keep it.
The fact that a user has given consent to a website does not make it permanent. The user has the right to withdraw consent at any time, and withdrawing it must be as easy as giving it.
In practice, go through every form your website uses and make sure that the personal information you request is strictly necessary for the stated purpose. Remove any fields that ask for information you do not need for that purpose. This also has the added benefit of improving your users' overall experience on your website.
You should also avoid pre-ticked checkboxes in your forms. Boxes for newsletters or marketing purposes must not be pre-selected; the user has to tick them freely and consciously.
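As an added, illustrative example (not code from the original article or from any particular eshop platform), the following Node.js snippet applies the rules above to a form submission: consent is recorded only for a checkbox the user actually ticked, each consent record carries its stated purpose and retention period, withdrawal is a single call, form fields not needed for the purpose are dropped, and a small template check flags pre-ticked consent boxes. The purposes, field names and retention periods are assumptions chosen for the example.

```javascript
// Added example: minimal consent handling for a website form under the GDPR rules
// described above. All purposes, retention periods and field names are illustrative.

// What each purpose is allowed to collect and how long it is kept (assumed values).
const PURPOSES = {
  newsletter: {
    description: 'Send you our monthly newsletter',
    retentionDays: 730,                      // stated retention period
    allowedFields: ['email'],                // data minimisation: nothing else is kept
  },
  order: {
    description: 'Process and deliver your order',
    retentionDays: 3650,
    allowedFields: ['name', 'email', 'address', 'phone'],
  },
};

// A browser form submits "on" for a ticked checkbox; a JSON API may send true.
// Anything else (undefined, "", false, "off") is NOT an affirmative action.
function isAffirmative(value) {
  return value === true || value === 'on';
}

// Returns a consent record, or null if the user did not explicitly opt in.
function recordConsent(formData, purpose, now = new Date()) {
  const p = PURPOSES[purpose];
  if (!p) throw new Error(`unknown purpose: ${purpose}`);
  if (!isAffirmative(formData[`consent_${purpose}`])) {
    return null;                             // silence or inactivity is not consent
  }
  const expires = new Date(now.getTime() + p.retentionDays * 86400 * 1000);
  return {
    purpose,
    description: p.description,              // the plain-language purpose shown to the user
    givenAt: now.toISOString(),
    expiresAt: expires.toISOString(),        // retention period the user was told about
    withdrawnAt: null,
  };
}

// Withdrawal must be as easy as giving consent: one call, no conditions.
function withdrawConsent(record, now = new Date()) {
  return { ...record, withdrawnAt: now.toISOString() };
}

// Consent is usable only while it is unwithdrawn and inside the retention period.
function consentIsValid(record, now = new Date()) {
  return record !== null && record.withdrawnAt === null && new Date(record.expiresAt) > now;
}

// Keep only the fields the stated purpose actually needs; drop everything else.
function minimise(formData, purpose) {
  const p = PURPOSES[purpose];
  if (!p) throw new Error(`unknown purpose: ${purpose}`);
  const kept = {};
  for (const field of p.allowedFields) {
    if (formData[field] !== undefined) kept[field] = formData[field];
  }
  return kept;
}

// Template check: a consent checkbox that already carries the `checked` attribute
// is a pre-ticked box and must be fixed before the form ships.
function hasPretickedConsentBox(html) {
  const nameThenChecked = /<input[^>]*name="consent_[^"]*"[^>]*\bchecked\b/i;
  const checkedThenName = /<input[^>]*\bchecked\b[^>]*name="consent_[^"]*"/i;
  return nameThenChecked.test(html) || checkedThenName.test(html);
}

module.exports = { recordConsent, withdrawConsent, consentIsValid, minimise, hasPretickedConsentBox };
```

A constructed submission such as `{ email: 'a@example.com', age: 41, consent_newsletter: 'on' }` yields a consent record for `newsletter` and, after `minimise`, only the `email` field; the same submission without `consent_newsletter` yields `null`, which is the correct outcome for a user who did nothing.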
You can also read what Google has to say here
About Social Media platforms
Before going any further, two key concepts of the General Data Protection Regulation (GDPR) need to be clarified.
Controller: a natural or legal person who determines the purposes and the means of the processing of personal data.
Processor: a natural or legal person, public authority, agency or other body that processes personal data on behalf of the "controller".
Social media platforms are "controllers" of the personal data they process about their users, and are accountable for that processing.
But there is a peculiarity or "exception" in this relationship.
When an advertiser uploads its own personal data file (such as email addresses, telephone numbers and names) directly to the platform for targeted marketing, the platform acts as a "processor" for that data. The advertiser is then the "controller": it must ensure compliance with the GDPR and is accountable for the personal data it actually uses for advertising and promotional purposes.
Companies that manage social media accounts on behalf of other companies therefore have a double role, and should make sure they are legally covered for the data their clients feed them, normally through a written data-processing agreement with each client.
Do your websites/eshops store data?
The website or eshop store software itself does not receive or store usage data, unless you opted in to our Usage Tracker.
The website or eshop store includes updates and tools for the GDPR that make it easier to handle Right to Access and Right to Erasure requests from customers.
Do extensions store data?
When it comes to services and extensions, including those built by third parties, things get a little more nuanced.
Learn how specific extensions, including payment and shipping gateways, store data.
If you build and sell extensions on our (or another) marketplace, review our checklist on how to make an extension GDPR-ready.
May the GDPR force be with you! We trust these resources will be helpful as you navigate eCommerce in this brave new world of the GDPR and protected data. If you have any questions about personal data storage, please reach out to us.
You can find an infographic page from EU here
This article contains general suggestions and recommendations regarding the GDPR and is by no means legal advice. If you want to be sure that your business or website is fully compliant with the GDPR, you need to get proper legal advice for your own particular case.