How to prepare for the General Data Protection Regulation?

In this article we explain what the GDPR is and how you can adapt your business now so that compliance is not a worry later. Adapting in time also pays off in itself: it builds credibility with both existing and potential customers.

What is the GDPR?

The GDPR applies to any company operating in the European Union, or wanting to sell to the European market, and requires it to adapt to new rules on the collection, storage and use of personal data.
As far as the British market is concerned, the regulation comes into force before Brexit, and it is highly likely that it will remain in force after Britain's withdrawal from the European Union. The GDPR replaces the Data Protection Directive of 1995, which has been in force for over 20 years, and brings the legislation up to date for a modern digital world.
The regulation treats all types of personal data with the same seriousness: photos, social media posts, IP addresses, bank details, ID numbers and so on. All personal data, whatever its source, must be collected with the person's consent and stored securely. This applies equally to information that users type into a form and to data collected through cookies, which today is often gathered without consent, at best with a notice that cookies are in use; in both cases collection must wait until the user has agreed to hand the data over.
That said, the rules are not rigid prescriptions. The regulation speaks of "appropriate" security measures and uses other general wording, which suggests that information from social networks will be judged by the same security standard as bank card data. One thing is clear: customers will have to give their consent to the storage and use of their data on the website (the regulation also recognises other legal bases, such as performance of a contract, but for marketing and tracking consent is the practical route). Pre-ticked boxes for newsletters and long terms of use with vague privacy statements will become a thing of the past.

Heavy penalties for non-compliance

With the new rules come new penalties for non-compliance. If an e-commerce website fails to protect customer data or breaks other provisions of the regulation, the website owner can be fined up to 20 million euro or 4% of the company's total annual worldwide turnover, whichever is higher. At this point the maximum penalty looks extreme and is likely to be applied only to those who have already been misusing the personal data they collected. That does not mean you should not take it seriously: anyone will be able to complain to the national data protection authority (in Latvia, the Data State Inspectorate) about an e-shop that collects personal data without the user's consent.

How to prepare for the GDPR?

The GDPR runs to over 50,000 words and is not the most gripping reading material. To save you time (and sanity), we have distilled five general guiding principles from the GDPR that should be followed:

Review existing data-sharing processes
Make sure the customer data you collect and use is secure. Even where processing is delegated to third parties such as website analytics, marketing automation or payment services, the website owner who collects the data (in this case, you) remains the data controller and is responsible for it. To keep customers informed about the use of their data, you must tell them who will process it, and you must make sure that those third-party processors have themselves adapted to the GDPR.

A good example is the Facebook Pixel code used for advertising on Facebook. When you add the Pixel to your website, you will have to inform users of its existence and of the data it collects. In addition, you must make sure that Facebook has done what the GDPR requires to protect the data transferred to it.
Provide access to customer data

Allow visitors to see what data is collected about them. Each category of data needs an explanation of why it is collected and how it is used, including by which third parties.
Visitors will have the right to request the data collected about them and to download it promptly, so plan in advance how you will implement this on your website.
The right to be forgotten

The GDPR gives the customer the right to be forgotten. What does that mean in practice, and how does it differ from simply deleting personal data? The regulation covers data that can be linked to a specific person, for instance through the unique ID assigned to each visitor. When a customer asks to be forgotten, the ID that links the recorded data to the person is permanently severed. The record of the visit itself is not deleted and can still be used in anonymous form. Note that this only works if what remains can no longer be tied back to the person: the identifying fields themselves must be deleted, and the old visitor ID must not be reusable, for example through a cookie that still carries it.

For example, Peter has set up a Facebook Pixel in his e-shop so that visitor Anna can be shown Facebook advertising for his best-selling product for women. When Anna asks to be forgotten, the Facebook Pixel can no longer determine the visitor's gender, age and similar attributes, and so cannot show her targeted advertising. The Facebook Business dashboard, on the other hand, still records one anonymous visit, which Peter can use for general analytics.
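As an added illustration (not code from the article, from Facebook or from any e-shop platform), the following Python sketch shows how the two rights above, access and erasure, can be implemented on a pseudonymised data store. Identifying data is kept apart from the visit log, which carries only a random visitor token; an access request returns everything linked to the person together with the list of third-party processors; forgetting deletes the profile, severs the token, re-keys the visits and strips the profiling attribute, while the anonymous visit rows stay so that aggregate counts are unchanged. The processor names, field layout and sample data are assumptions made for the example.

```python
"""Pseudonymised customer store: right of access and right to erasure.

Added illustration for this article, not code from the article, from
Facebook or from any e-shop platform. Processor names, field layout and
sample data are assumptions made for the example.
"""
import json
import secrets
from datetime import datetime, timezone

# Third parties that receive data, and what they get (assumed for the example).
PROCESSORS = {
    "analytics": "site analytics provider: page and product views",
    "ads": "advertising pixel: product views, purchases, age band",
    "mailing": "newsletter provider: e-mail address and consent flag",
}


class CustomerStore:
    """Identifying data lives in `customers`; the visit log carries only a
    random visitor token, and `visitor_link` is the only bridge between them."""

    def __init__(self):
        self.customers = {}     # customer_id -> {"email": str, "consent_marketing": bool}
        self.visitor_link = {}  # visitor_id (cookie token) -> customer_id
        self.events = []        # {"visitor_id", "event", "product", "age_band", "ts"}

    def register(self, email, consent_marketing=False):
        customer_id = secrets.token_hex(8)
        self.customers[customer_id] = {"email": email,
                                       "consent_marketing": consent_marketing}
        return customer_id

    def new_visitor(self, customer_id=None):
        """Issue a random visitor token; link it to a customer if known."""
        visitor_id = secrets.token_urlsafe(16)
        if customer_id is not None:
            self.visitor_link[visitor_id] = customer_id
        return visitor_id

    def record_event(self, visitor_id, event, product, age_band=None):
        self.events.append({"visitor_id": visitor_id, "event": event,
                            "product": product, "age_band": age_band,
                            "ts": datetime.now(timezone.utc).isoformat()})

    def _visitor_ids(self, customer_id):
        return {v for v, c in self.visitor_link.items() if c == customer_id}

    # Right of access: everything held about the person, and who else gets it.
    def export_customer(self, customer_id):
        if customer_id not in self.customers:
            raise KeyError("unknown or already forgotten customer")
        ids = self._visitor_ids(customer_id)
        return {
            "customer_id": customer_id,
            "profile": dict(self.customers[customer_id]),
            "visitor_ids": sorted(ids),
            "events": [dict(e) for e in self.events if e["visitor_id"] in ids],
            "shared_with": dict(PROCESSORS),
        }

    def export_json(self, customer_id):
        """Downloadable form of the access request."""
        return json.dumps(self.export_customer(customer_id), indent=2)

    # Right to erasure: delete the profile, sever the link, keep anonymous visits.
    def forget(self, customer_id):
        if customer_id not in self.customers:
            raise KeyError("unknown or already forgotten customer")
        del self.customers[customer_id]
        old_ids = self._visitor_ids(customer_id)
        for v in old_ids:
            del self.visitor_link[v]
        # Re-key the visits to fresh tokens so a cookie still holding the old
        # token cannot re-attach them, and drop the profiling attribute.
        fresh = {v: "anon-" + secrets.token_hex(6) for v in old_ids}
        for e in self.events:
            if e["visitor_id"] in fresh:
                e["visitor_id"] = fresh[e["visitor_id"]]
                e["age_band"] = None
        return len(old_ids)

    def visits_for_product(self, product):
        """Aggregate analytics, unaffected by erasure."""
        return sum(1 for e in self.events if e["product"] == product)


if __name__ == "__main__":
    store = CustomerStore()
    anna = store.register("anna@example.com", consent_marketing=True)
    vid = store.new_visitor(anna)
    store.record_event(vid, "view", "hair-dryer", age_band="25-34")
    store.record_event(vid, "purchase", "hair-dryer", age_band="25-34")
    print(store.export_json(anna))
    store.forget(anna)
    print("visits still counted:", store.visits_for_product("hair-dryer"))
```

The same separation is what makes the Facebook example work: the pixel's profile of Anna (age band, gender) is what gets dropped, while the anonymous visit row survives for counting. In a real shop the "profile" part would also include order history, addresses and support tickets, and the export would have to pull from every system that holds them.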
Clear consent to marketing activities

Anyone shopping online today risks ending up on a list of marketing e-mails full of news and stock announcements. Often these promotions arrive more frequently than anyone wants to receive them; let's be frank, there is only so much money to spend each month on new home appliances or beauty products. Thanks to the GDPR, you will no longer receive such messages without your prior consent.

E-shops that send unsolicited mail without prior consent do not build trust, so marketing professionals who care about the brand's long-term viability already let customers opt in to e-mails by ticking a box. This is good practice, especially when the box is not pre-ticked.

Once the regulation is in force, there will be an additional requirement to tell the visitor which third parties their information is passed to, specifically next to the input field. If e-mail addresses are collected using tools such as MailChimp, Mailigen or Mailerlite, the consent box should state that the address will be passed to that marketing service provider. This applies to all data used for marketing purposes.

Immediate action in case of a data breach

History shows that no company is immune to data breaches. As with a fire, there must be an action plan and a designated person who takes charge when the incident happens. From 25 May 2018, companies whose core activities involve large-scale monitoring of individuals or processing of special categories of data will have to appoint a data protection officer, who will be responsible for reporting breaches to the relevant data protection authority. An e-business must have a rigorous action plan that provides for notifying the authority within 72 hours of becoming aware of a breach, and for informing affected customers without undue delay.

Is there any benefit to e-shops from GDPR?

Definitely. These are not just unnecessary headaches and rules; they are an opportunity to gain the trust of European customers and to stand out from competitors who may not comply with the GDPR.

Google has previously given ranking priority to sites that implemented HTTPS and is likely to continue this trend. How, or whether, it will determine that a website meets the GDPR's requirements is not yet known, but as data security becomes ever more important worldwide, the leading search engine will want its users to land on the safest destinations.