E-commerce Seller Tips For GDPR

Last Edited: May 24, 2018


Hi everyone,

If you have a Shopify or other e-commerce store - then you've probably heard everyone talking about the European Union's new General Data Protection Regulation (GDPR). It goes into effect tomorrow, May 25th. It allows fines of up to 4% of your annual global turnover (or €20 million, whichever is higher) if you are found to be non-compliant.

Who Does This Impact: If you collect information via your website from - or sell to - people located in the EU, then it impacts you - even if your business is based outside the EU. (The regulation is tied to where the person is, not to their citizenship.) Here is a link to the formal EU GDPR site.

Let me suggest some compliance action steps that seem to be universally agreed upon. This is not legal advice, it's simply a list based on my research. I'd encourage you to create your own list to ensure you comply with all the GDPR rules - and confirm for yourself what is required of you as an e-commerce seller. I will revise and edit this blog article as needed based on reader feedback, changes to my own insights, and/or law changes.

Don't Freak Out, But Don't Ignore It: The sky is not falling. Some articles (written by media people - and not by e-commerce people) create a total freak-out / panic mood. That's not necessary, but don't ignore this topic either. The best thing you can do is take the time to study the new rules and implement the necessary changes. Ignoring important legal changes is a huge mistake. Learn what you can - find trusted sources - and make changes as needed.

Along those lines, here are a few tips that I believe will put you on the right track toward compliance. Again, I'm not saying this is legal advice, nor comprehensive, but based on my research, this is a pretty good list to consider.

Obviously this is written with Shopify e-commerce sellers in mind...

1. Update your Shopify Privacy Policy & Terms Of Service Pages: 

Make sure they include the new language related to GDPR, such as naming your "Data Protection Officer" (GDPR's term; only certain businesses are required to appoint one, but you still need to name a contact) and including your contact information so customers can reach you with questions or requests. 

Shopify has made this easy! Plus they've written an extensive Shopify GDPR user guide.

Here is a link to these free tools you should use today:

Shopify Privacy Policy Generator

Shopify Terms And Conditions Policy Generator

After you generate these documents and ensure they are all complete - then you simply add them to a page on your site and link them in your footer section. Of course, if you've already gone through my Shopify Power course, you'll already have completed these steps - so you just need to cut & paste the newly revised content into those existing pages.

2. Include Information About Your Use Of Cookies: 

On the Shopify platform - Shopify includes the Cookie Policy information inside the Privacy Policy. So, as long as you completed step #1 using the Shopify Privacy Policy Generator, then based on Shopify's comments, I don't believe there is a need to have a stand-alone Cookie Policy as a separate page on your site. 

3. Get Cookie Policy Consent From Visitors: 

Consider installing a simple script on your site that prompts visitors to actively consent to your cookie policy. If you want to see how we've done that, you can visit our site, www.pixiefaire.com, look for the orange box on the bottom left corner. It took about 5 minutes. How did we do it?

You can get a free script tool at: https://cookieconsent.insites.com/download/ ... The default setting has the "Learn More" link go to a general information page on the insites website (you can see it here). Or you can edit it to go to your own cookie policy on your website. For my website, I decided to point the "Learn More" link to my own Privacy Policy, and then on my privacy policy page I added a note about learning more about cookies at https://cookies.insites.com, so you can see what it looks like. One caveat: a banner that only announces that you use cookies is not consent. To count as consent, the visitor has to take an affirmative action (click "Accept"), and any non-essential cookies - analytics, ad pixels, and so on - should not be set until they do.
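To show what "active consent" means in code, here is an added example. It is not code from the original post, from Shopify, or from the insites tool. It is a small, dependency-free consent gate: third-party scripts are loaded only after the visitor clicks Accept, and the decision is stored in a first-party cookie marked Secure and SameSite=Lax so it is not sent over plain HTTP or with cross-site requests. The cookie name, the 180-day lifetime, the `/pages/privacy-policy` link and the placeholder tracker URL are all assumptions for illustration; replace them with your own.

```javascript
// Added example: a minimal consent gate for non-essential cookies.
// Names, paths and URLs below are assumptions for illustration.

const CONSENT_COOKIE = "cookie_consent";   // assumed cookie name
const CONSENT_VERSION = 1;                 // bump this when your cookie policy changes
const CONSENT_MAX_AGE = 180 * 24 * 3600;   // remember the choice for 180 days (assumed)
// Placeholder for the analytics / pixel scripts that must wait for consent.
const TRACKER_SCRIPTS = ["https://example.com/analytics.js"];

// Parse a document.cookie style string ("a=1; b=2") into a name -> value map.
function parseCookies(cookieString) {
  const out = {};
  for (const part of cookieString.split(";")) {
    const idx = part.indexOf("=");
    if (idx === -1) continue;
    const name = part.slice(0, idx).trim();
    if (!name) continue;
    try {
      out[name] = decodeURIComponent(part.slice(idx + 1).trim());
    } catch (e) {
      // malformed percent-encoding: ignore this cookie rather than throw
    }
  }
  return out;
}

// Returns "accepted", "declined" or null when no valid decision is recorded.
// A tampered, malformed or out-of-date cookie is treated as "no decision":
// the banner is shown again and nothing non-essential is loaded.
function readConsent(cookieString) {
  const raw = parseCookies(cookieString)[CONSENT_COOKIE];
  if (!raw) return null;
  let decision;
  try {
    decision = JSON.parse(raw);
  } catch (e) {
    return null;
  }
  if (!decision || typeof decision !== "object") return null;
  if (decision.v !== CONSENT_VERSION) return null;  // consent given under an older policy
  return decision.status === "accepted" || decision.status === "declined"
    ? decision.status
    : null;
}

// Build the value assigned to document.cookie. Secure keeps it off plain HTTP,
// SameSite=Lax keeps it out of cross-site requests, Path=/ covers the whole store.
function buildConsentCookie(status) {
  if (status !== "accepted" && status !== "declined") {
    throw new Error("status must be 'accepted' or 'declined'");
  }
  const value = encodeURIComponent(JSON.stringify({ v: CONSENT_VERSION, status }));
  return `${CONSENT_COOKIE}=${value}; Max-Age=${CONSENT_MAX_AGE}; Path=/; Secure; SameSite=Lax`;
}

// Only an explicit "accepted" unlocks the tracker list; null and "declined" load nothing.
function scriptsToLoad(status, trackers) {
  return status === "accepted" ? trackers.slice() : [];
}

// Browser-only glue: show the banner when there is no valid decision yet.
if (typeof document !== "undefined") {
  const loadScripts = (urls) => {
    for (const url of urls) {
      const s = document.createElement("script");
      s.src = url;
      s.async = true;
      document.head.appendChild(s);
    }
  };

  const recorded = readConsent(document.cookie);
  if (recorded !== null) {
    loadScripts(scriptsToLoad(recorded, TRACKER_SCRIPTS));
  } else {
    const banner = document.createElement("div");
    banner.setAttribute("role", "dialog");
    banner.style.cssText = "position:fixed;bottom:0;left:0;padding:1em;background:#333;color:#fff";
    // Text is set via textContent, never innerHTML, so nothing here can inject markup.
    const text = document.createElement("span");
    text.textContent = "We use cookies for analytics. ";
    const more = document.createElement("a");
    more.href = "/pages/privacy-policy";        // assumed path to your policy page
    more.textContent = "Learn more";
    const decide = (status) => {
      document.cookie = buildConsentCookie(status);
      banner.remove();
      loadScripts(scriptsToLoad(status, TRACKER_SCRIPTS));
    };
    const accept = document.createElement("button");
    accept.textContent = "Accept";
    accept.addEventListener("click", () => decide("accepted"));
    const decline = document.createElement("button");
    decline.textContent = "Decline";
    decline.addEventListener("click", () => decide("declined"));
    banner.append(text, more, accept, decline);
    document.body.appendChild(banner);
  }
}
```

To use it, put the script in your theme's layout template and move any analytics or pixel tags that are currently hard-coded in the page head into TRACKER_SCRIPTS. That last step is the one that matters: a banner on its own does nothing to stop cookies that your theme is already setting before the visitor has decided anything.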

 

4. Update Your Opt-In / Pop-Up Tools To Include GDPR Language: 

If you use Mailchimp (for example), then you should look at the Mailchimp GDPR Tools and enable them. The law requires you to get consent for your use of customer data. 

So, at a minimum, on your pop-up, consider having language such as, "By entering your details you will receive our free newsletter, and you confirm that you agree to our Terms & Conditions, and Privacy Policy." Keep in mind that GDPR consent has to be a clear affirmative action: an unticked checkbox that the visitor ticks themselves counts, while a pre-ticked box or consent buried in the terms does not, and you should be able to show when and how each subscriber consented.

5. Customer Facing Data Options: 

Include a contact email address in your Terms Of Service and Privacy Policy, along with information for customers who want to:

1) See their data

2) Have you delete their data

If you are a Shopify user - Shopify has indicated that if you get these requests from your customers - you can forward them immediately to Shopify directly - and they will assist you. Simply email them at [email protected] (So that's cool). Note that under GDPR you normally have one month to respond to these requests, and you should confirm the requester's identity before handing over or deleting account data.

Additionally, you'll want to look into using a Data Subject Rights Portal, which allows site visitors to control their marketing treatment. You can see how one of these works by visiting Mailchimp and looking at their cookie policy.

6. Send Out A Privacy Policy Update Notification Email To Your List: 

The reason you are seeing so many companies sending Privacy Policy Update emails is because giving notification to existing users appears to be required by GDPR. Getting active consent is required in some use-cases related to how you handle their data.

Many companies are using language in their email like, "By continuing to use XYZ Company on or after May 25, 2018, you acknowledge our updated Privacy Policy and agree to our updated Terms of Use." That wording works for notifying people of a policy change, but it is not a way to obtain consent: under GDPR, continued use, silence or inactivity does not count as consent, so where you rely on consent (for example, for marketing email) you need an explicit opt-in instead. 

Summing It All Up: I hope this helps outline a few practical steps you can take to begin your GDPR journey. As I mentioned, I will update this blog article as needed. 

And please remember, as I mentioned at the top of this article, I am not a lawyer, so please don't take this as legal advice. Do your own research, and determine how best to comply. 

Honored for the chance to be of help on your journey,

Jason