GDPR & ePrivacy Changes: The Impact on eCommerce

On the 25th of May 2018, the new GDPR legislation will be applied throughout the European Union. This, combined with new ePrivacy rules, will ensure that there is a considerable change to the way that consumer data is managed. This will have a significant impact on the way that eCommerce retailers operate.

What is GDPR?

GDPR stands for the General Data Protection Regulation. Essentially, this is a new set of regulations that have been introduced to cover how companies throughout the EU collect, process and hold customers’ personal information. It is set to come into force in May 2018 and, at the same time, the existing ePrivacy laws that are in place will be updated. The current ePrivacy laws are in place to protect customers’ online privacy when searching and shopping. These rules apply to a variety of online tools which target consumers, including e-marketing, cookie data and messaging tools.

You may be wondering whether this legislation will apply in the UK after Britain’s exit from the EU. An extremely similar version of the legislation will be introduced in the UK post-Brexit. Additionally, both of these regulations are relevant to the receiving country, which means that any marketing travelling to EU countries will need to comply with both GDPR and ePrivacy regulations.

What Do eCommerce Retailers Need Know?

eCommerce Retailers will need to start planning how they are going to manage the new rules. The rules are yet to be finalised but there are a number of draft consultations which are available for eCommerce Retailers to access. These are some of the key things that eCommerce Retailers need to know:

  • Data privacy will apply to all channels, including social media platforms which use messaging services like Facebook and Instagram. It will also include social channels such as Skype, Messenger and WhatsApp.
  • All B2C communication on any channel has to be opted into.
  • Parental permission is required to collect data from any marketing targeted at children under 16 years of age.
  • The definition of personal data will become much broader, including social, cultural and economic data.

What Impact Will This Have?

There are a number of different steps that eCommerce retailers will need to take to ensure they are meeting the requirements of the 2018 general data protection regulations.  One of the main things they will need to do is review all of their data consent systems to ensure that they cover all of the channels included in the GDPR.

eCommerce retailers will also need to look at how they process individual records. You will need to consider the follow questions: how will you provide customers with their personal data if they request it? What action will you take to ensure that customers have the right to be forgotten? Will you or your data suppliers be responsible for the management of your data?

The way in which customers’ data is stored is another area which will need addressing. First, eCommerce retailers should make sure that they are not storing unnecessary customer information. In general, it’s best to avoid holding onto data that is no longer needed. Where the data is stored is also important. If you’re using cloud storage or other off-site storage solutions, your data supplier need to be compliant with the general data protection regulation 2018 and the latest ePrivacy regulations.

At Parcel Delivery, we are already taking steps to ensure that we comply with the latest online privacy regulations.