Step by Step Guide to Make your Business Comply with GDPR

Is your website compliant with the new GDPR? Read about the effects, guidelines and know-how of the regulation in order to make your website GDPR compliant.

About GDPR policy

The General Data Protection Regulation (GDPR) is Europe’s new data protection law. It came into effect on 25th May, 2018 and protects the personal information of individuals. It affects how companies collect and use their customers’ personal data. With this, Europe is now covered by the world’s strongest data protection law.

Europe first introduced a data protection law in the 1990s, but as technology changed and advanced, the law struggled to keep up. After four years of intense discussion and two years of preparation time, the new regulation finally came into force in May 2018, replacing the previous data protection law. Its purpose is to protect individuals’ information by strengthening their rights and giving them more control over how companies use that information.

Who is affected by the new GDPR policy?

All individuals, companies or organisations that are ‘processors’ or ‘controllers’ of personal data are affected by the new GDPR compliance requirements. Irrespective of where the business is located, the regulation applies to every business dealing with European customers.

Whether the business is based in Europe or outside it, and whether or not it has a branch in Europe, if it sells products to European customers it must comply with the new GDPR policy.

What is covered under the GDPR policy?

  • Personally Identifiable Information such as name, address and IP address, i.e. anything that can identify a person
  • Sensitive personal data, including religious data, genetic data, political views etc.
  • Pseudonymous personal data is also covered by the new policy, since a fictitious name can still identify someone as a person

Consumer rights in the new GDPR policy

Following the massive data breaches at LinkedIn, Yahoo and others in recent years, protecting individuals has become important. The new regulation gives individuals many rights in order to protect their data.

  • Organisations are responsible for obtaining people’s consent before collecting their information
  • Easier access for individuals to the data companies hold about them
  • A new fines regime

This policy is a positive move, leading towards an evolution in the industry.

Organisations’ accountability towards individuals

Companies collecting individuals’ data are accountable for the data they process. They must maintain a data protection policy, a data protection impact assessment and documentation of how the data is processed. Privacy policies must be revised in line with GDPR and must state the lawful basis for processing.

Companies with more than 250 employees must prepare and maintain documentation of what customer data they collect and how it is processed and used. Companies must keep a record of their data processing activities.

Companies processing sensitive personal information of individuals for ‘regular and systematic monitoring’ on a very large scale must appoint a Data Protection Officer (DPO).

It is important for an organisation to obtain an individual’s consent before storing and processing their personal data. Consent must be freely given, specific, informed and unambiguous.

Easy access to customers’ data

Customers can now ask what information a company holds about them and how it is being used. Under a Subject Access Request (SAR) they can ask companies to provide this data at no cost.

Companies or organisations must provide the information to the customer within a month of the SAR being submitted. Customers also have the right to refuse its use and to have it removed from the company’s database if they are not comfortable with it.

New fines regime

The most talked-about element of the new GDPR policy is its penalty regime. Fines are now charged to companies or organisations that fall under the regulation but do not follow its rules. An organisation that does not store and maintain users’ data correctly, does not keep the required documentation of how it processes data, or is required to appoint a data protection officer and has not done so is in breach of the regulation and will be penalised.

Read the ICO’s guide to preparing for the General Data Protection Regulation (GDPR).

It is essential for companies to plan their approach in order to comply with the rules and regulations.

Ecommerce Store owners and GDPR

GDPR has to be followed by all sites, ecommerce businesses, tools and every kind of business, although there are a few concessions for small businesses. Be it Apple or Samsung, Walmart or eBay, search engines like Google, marketing tools like Mailchimp or ecommerce platforms like Magento, the regulation has to be followed by everyone.

Below are the actions e-commerce companies need to take in order to comply with GDPR.

1. Free opt-in form: state the terms and conditions for opting in, and make opting out easy.

2. Publish a clear and detailed privacy policy and terms of use on your website.

3. Online payment data processing: when an ecommerce website processes online delivery and payment, it collects data. Make sure you determine what that data is used for and how you process it. Also state at what interval you erase that data.

4. Clear cookie policy statement and banner: it is important for businesses to obtain consent regarding their cookie policy.

5. Make sure third-party tracking software also complies with GDPR: marketing automation tools like Mailchimp also have to comply. Mailchimp has incorporated the required norms into its system in order to continue providing its services.

6. Your digital marketing campaigns should also comply with the new GDPR policy: clearly state how you are going to use and process the data for your marketing campaigns before sending customers promotional emails. Stop buying email lists. You must obtain your clients’ consent before sending them emails.

7. Personal data documentation: collect, combine and align the data and prepare documentation so that whenever a Subject Access Request comes in you can immediately deliver the details and describe the processing. Identify the source of the data.

8. Allow users to access and delete their data.
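As an added example (not code from the original article or from MobiCommerce), the following Python sketch shows the back-end side of items 1, 3, 7 and 8 of the checklist: consent recorded per purpose with nothing granted by default and the latest decision winning on opt-out, a Subject Access Request answered with a machine-readable export of everything held, payment records purged once a stated retention interval has passed, and erasure on request. The purpose names, field names, sample customer, timestamps and the 90-day retention period are assumptions chosen for illustration.

```python
"""Added example, not from the original article: a minimal consent ledger with
SAR export, retention-based purge and erasure. All names and periods are assumed."""
from dataclasses import dataclass, field, asdict
from datetime import datetime, timedelta, timezone
from typing import Dict, List
import json

# Consent must be specific: one decision per purpose, never a bundled "I agree".
PURPOSES = ("order_fulfilment", "marketing_email", "analytics_cookies")
# Assumed retention period for payment details (item 3 asks you to state one).
PAYMENT_RETENTION = timedelta(days=90)


@dataclass
class ConsentRecord:
    purpose: str
    granted: bool
    recorded_at: datetime
    source: str  # where the decision was captured, e.g. "checkout form" (item 7)


@dataclass
class Customer:
    email: str
    name: str
    ip_address: str  # personal data under GDPR, so it belongs in the SAR export
    consents: List[ConsentRecord] = field(default_factory=list)
    payment_records: List[dict] = field(default_factory=list)


class CustomerStore:
    def __init__(self) -> None:
        self._customers: Dict[str, Customer] = {}

    def register(self, email: str, name: str, ip_address: str) -> Customer:
        # Registering grants no consent: every purpose starts as "no".
        self._customers[email] = Customer(email, name, ip_address)
        return self._customers[email]

    def record_consent(self, email: str, purpose: str, granted: bool,
                       source: str, now: datetime) -> None:
        if purpose not in PURPOSES:
            raise ValueError(f"unknown purpose {purpose!r}")
        self._customers[email].consents.append(ConsentRecord(purpose, granted, now, source))

    def has_consent(self, email: str, purpose: str) -> bool:
        # The most recent decision for that purpose wins; no record means no consent.
        decisions = [c for c in self._customers[email].consents if c.purpose == purpose]
        return bool(decisions) and decisions[-1].granted

    def add_payment(self, email: str, record: dict, now: datetime) -> None:
        self._customers[email].payment_records.append({**record, "stored_at": now.isoformat()})

    def export_for_sar(self, email: str) -> str:
        # Item 8: everything held about the person, as a portable JSON document.
        return json.dumps(asdict(self._customers[email]), default=str, indent=2)

    def erase(self, email: str) -> bool:
        # Item 8: deletion on request; False means nothing was held for that email.
        return self._customers.pop(email, None) is not None

    def purge_expired_payments(self, now: datetime) -> int:
        # Item 3: erase payment details once the stated retention interval has passed.
        removed = 0
        for cust in self._customers.values():
            fresh = [r for r in cust.payment_records
                     if now - datetime.fromisoformat(r["stored_at"]) <= PAYMENT_RETENTION]
            removed += len(cust.payment_records) - len(fresh)
            cust.payment_records = fresh
        return removed


def demo() -> dict:
    """Walk a constructed sample customer through consent, purge, SAR export and erasure."""
    t0 = datetime(2018, 5, 25, tzinfo=timezone.utc)  # constructed timestamp
    store = CustomerStore()
    email = "alice@example.com"  # constructed sample customer
    store.register(email, "Alice Example", "203.0.113.7")
    before = store.has_consent(email, "marketing_email")  # False: nothing is pre-ticked
    store.record_consent(email, "marketing_email", True, "checkout form", t0)
    after_optin = store.has_consent(email, "marketing_email")  # True
    store.record_consent(email, "marketing_email", False, "unsubscribe link", t0 + timedelta(days=1))
    after_optout = store.has_consent(email, "marketing_email")  # False: latest decision wins
    store.add_payment(email, {"card_last4": "4242"}, t0)
    store.add_payment(email, {"card_last4": "1111"}, t0 + timedelta(days=60))
    purged = store.purge_expired_payments(t0 + timedelta(days=100))  # only the first is over 90 days old
    export = json.loads(store.export_for_sar(email))
    erased = store.erase(email)
    return {
        "consent_before": before, "consent_after_optin": after_optin,
        "consent_after_optout": after_optout, "purged": purged,
        "export_consents": len(export["consents"]),
        "export_payments": [r["card_last4"] for r in export["payment_records"]],
        "erased": erased, "erase_again": store.erase(email),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two design points carry the weight here: consent is keyed per purpose and never inferred from registration, so a missing record is treated as "no", and every decision is appended with its source and time rather than overwriting the previous one, which gives you the audit trail item 7 asks for when an SAR arrives.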

To sum up:

Don’t treat it as a headache! It is an opportunity to do more business with European clients. Europeans are more likely to do business with you if your business complies with GDPR.

For more information, review:

Guide to the General Data Protection Regulation (GDPR)

Data Protection in EU

MobiCommerce is a platform that transforms your online store into a mobile shop with the help of a Magento extension and a PrestaShop module. It makes your business available to mobile users, simplifies the shopping experience and promotes your business with a mobile presence.