Have you heard about the GDPR, and do you know what it stands for? GDPR stands for General Data Protection Regulation. “The GDPR, agreed upon by the European Parliament and Council in April 2016, will replace the Data Protection Directive in Spring 2018 as the primary law regulating how companies protect EU citizens’ personal data.” It is very important to understand that even if you are not an EU business, if you are selling to EU customers you need to be in compliance with these regulations or you could be subject to penalties and fines (up to 20 million EUR or 4% of your worldwide turnover for the last 12 months).
“GDPR requirements apply to each member state of the European Union...some of the key privacy and data protection requirements of the GDPR include:
- Requiring the consent of subjects for data processing
- Anonymizing collected data to protect privacy
- Providing data breach notifications
- Safely handling the transfer of data across borders
- Requiring certain companies to appoint a data protection officer to oversee GDPR compliance
The GDPR mandates a baseline set of standards for companies that handle EU citizens’ data to better safeguard the processing and movement of citizens’ personal data.”
This data is anything personal, such as your name, email or photo. The GDPR went into effect on May 25th 2018. If you are not in compliance with these regulations, we suggest you find someone who can help you in order to avoid the costs and penalties.
As an example of what other companies are doing: “ShipStation has obtained certification to the E.U. – U.S. Privacy Shield Framework, long considered the beginning to GDPR compliance, including the lawful transfer of data outside the EU.” In a nutshell, “What we need to do if we are processing personal data, we need to bear in mind certain principles and we absolutely need to make sure we have got a lawful ground of processing that data. That’s really what GDPR is all about,” said Suzanne Dibble, a multi-award-winning data protection lawyer.
All in all, make sure you are on that lawful ground, because the GDPR applies to every business owner selling to EU customers and can have a huge impact on eCommerce businesses. Even if you are not selling to EU customers yet, make sure you are educated on these privacy regulations so you understand the market you are in, regardless of who you are selling to.