Overview of the GDPR Policy for an online retail business



On 25 May 2018, the European Union's newest data privacy law, the General Data Protection Regulation (GDPR), came into the picture. GDPR sets a new bar for privacy as the most extensive law in the world. Companies that gather and handle European customers’ personal data will be heavily impacted. The retail industry and companies planning to sell to European customers in the EU or EEA have to ensure their policies are GDPR compliant.

Three groups are affected by the new law:

Data subject - Client, user or employee: anybody located in the EU who provides the personal data mentioned above.
Data controller - Retail & e-commerce companies collecting, managing, using or storing any personal data.
Data processor - Third-party services providing e-commerce, marketing & shipping to those retail companies, which only process the data. Examples include companies like DHL and Shopify, ERP systems, etc.

GDPR’s impact on the retail industry

     The list of things you need to do to ensure your company complies with the GDPR:
·       Make your consent instructions clear & actionable.
·       Complete a Privacy Impact Assessment (PIA), as mandated by the GDPR.
·       Decide what data from the EU you need to store & ensure that you have the proper permissions.
·       Revise your website’s privacy policy to comply with GDPR & notify your existing customers to accept your new policy.
·       Decide what process & functionality need to be established to comply with customers’ new rights to access, correct, delete & export their data.
If the retailer asks the customer to create an account, the customer can later ask the company to delete their account, purchase history and actions, for which the retailer is entirely responsible. The “right to be forgotten” process must be easily navigable, documented & clearly advertised for any customers who wish to delete their personal data.

Key points of GDPR for Retailers

The GDPR gives people more rights over their personal data. It gives your client or user the right to access, correct, delete & restrict the collection & storage of their data. Personal information like IP addresses, location & behavioural data needs to be masked & shouldn’t be shared with third parties without the customer’s consent.

GDPR does not override other laws. For example, if you have to keep personal data to prove VAT charges, it needs to be kept for tax compliance. The rule in England & Ireland is 7 years. This may vary depending on the country.

1.      Recruit a staff member to look after the data protection policy. Make sure your employee has completed data protection training & is certified for it.

2.      Specify the contact details of the DPO (Data Protection Officer) in your organisation & inform the customer how to lodge a data subject access request.

3.      Using phrases like “we may use your information” is not acceptable as it’s not precise. Permission must be straightforward & recorded.

4.      Data breaches must be recorded & the necessary action needs to be taken with a preventive measure within 72 hours.

This applies to small businesses too. The data protection commissioner's office may not audit your company now, but it can do so at any time in the future, and failure to abide by all the above points is unlawful.

Author: Mahindan Uthayakumar

Keywords

#GDPR Policy

#Data protection

#Online business

#Retail industry

#Customer data


Comments

  1. Nice piece of writing on GDPR. Congrats!
    According to me, the GDPR's goal is to implement a uniform data security law on all EU countries, removing the need for each member state to write its own data protection legislation and ensuring that rules are consistent across the EU. It is important to note that, in addition to EU members, any business that sells products or services to EU citizens, regardless of its location, is subject to the regulation. As a result, GDPR would affect data protection standards around the world. I believe it will be another massive waste of time and resources for small businesses, similar to CAN SPAM, which would further solidify Fortune 500 firms across all business sectors, while doing very little to address the underlying cause of the issue. In this new world, data is a precious commodity. While GDPR presents us with problems and suffering, it also presents us with opportunities. Companies that demonstrate that they value an individual's privacy (beyond legal compliance), who are candid about how data is used, and who design and enforce new and improved ways of handling customer data across its life cycle gain deeper confidence and maintain more loyal customers.
    When it was first announced in 2016, it appeared that new companies would have plenty of time to prepare. But, despite the fact that the deadline has passed, several businesses are still scrambling. So, if you haven't already begun your compliance trip, we strongly advise you to do so now.
    Dedicate time to learning what you'll need to do to become compliant, and use the practical advice in this article to get started. Create a plan of action for your GDPR trip so you can ensure you and your company are GDPR compliant as soon as possible.

    -- Thomas Devasia

  2. Those who saw the GDPR as an opportunity to get their data-house in order and to enhance the quality of the personal data stored under their supervision are certainly reaping the benefits of GDPR efforts. With data increasingly becoming a liability, and with the move from Big Data strategies to Smart Data strategies, knowing where your data resides and what you can use them for is not only a GDPR requirement, but absolutely crucial for any data-driven business development initiative.

  3. This article about the overview of GDPR policy and its importance in retail marketing industry is a good work and important piece of knowledge. The role of the GDPR in data collection is crucial. The data collected by people should be analyzed by others who have the rights of a well-defined data provider and the ability to analyze what should and should not be used. The GDPR should assume responsibility for how individuals and institutions handling personal data to protect it. GDPR has changed a lot of aspects for the retailers especially the way of marketing activities are managed and the way of working of the sales team.
