E-commerce Seller Tips For GDPR
Last Edited: May 24, 2018
If you have a Shopify or other e-commerce store - then you've probably heard everyone is talking about the new European Union General Data Protection Regulation (GDPR). It goes into effect tomorrow, May 25th. It includes fines of 4% of your annual revenue if you are caught in non-compliance.
Who Does This Impact: If you collect information via your website - or sell to - European citizens, then it impacts you - even if you're based outside the EU. Here is a link to the formal EU GDPR site.
Let me suggest some compliance action steps that seem to be universally agreed upon. This is not legal advice, it's simply a list based on my research. I'd encourage you to create your own list to ensure you comply with all the GDPR rules - and confirm for yourself what is required of you as an e-commerce seller. I will revise and edit this blog article as needed based on reader feedback, changes to my own insights, and/or law changes.
Don't Freak Out, But Don't Ignore It: The sky is not falling. Some articles (written by media people - and not by e-commerce people) create a total freak-out / panic mood. That's not necessary, but don't ignore this topic either. The best thing you can do is take the time to study the new rules and implement the necessary changes. Ignoring important legal changes is a huge mistake. Learn what you can - find trusted sources - and make changes as needed.
Along those lines, here are a few tips that I believe will put you on the right track toward compliance. Again, I'm not saying this is legal advice, nor comprehensive, but based on my research, this is a pretty good list to consider.
Obviously this is written with Shopify e-commerce sellers in mind...
Make sure they include the new language related to GDPR, such as naming your "Data Privacy Officer" and including your contact information if customers have questions or requests.
Shopify has made this easy! Plus they’ve written an extensive Shopify GDPR user guide.
Here is a link to these free tools you should use today:
After you generate these documents and ensure they are all complete - then you simply add them to a page on your site and link them in your footer section. Of course, if you've already gone through my Shopify Power course, you'll already have completed these steps - so you just need to cut & paste the newly revised content into those existing pages.
3. Update Your Opt-In / Pop-Up Tools To Include GDPR Language:
If you use Mailchimp (for example) then you should look at the Mailchimp GDPR Tools and enable them. The law requires you to get consent for your use of customer data.
So, at a minimum, on your pop-up, consider having language such as, "By entering your details you will receive our free newsletter, and you confirm that you agree to our, and
4. Customer Facing Data Options:
1) See their data
2) Have you delete their data
If you are a Shopify user - Shopify has indicated that if you get these requests from your customers - you can forward them immediately to Shopify directly - and they will assist you. Simply email them at [email protected] (So that's cool).
Summing It All Up: I hope this helps outline a few practical steps you can take to begin your GDPR journey. As I mentioned, I will update this blog article as needed.
And please remember, as I mentioned at the top of this article, I am not a lawyer, so please don't take this as legal advice. Do your own research, and determine how best to comply.
Honored for the chance to be of help on your journey,