On May 25th 2018 the General Data Protection Regulation, GDPR, will come into effect. GDPR applies to all European citizens when visiting and shopping on all websites, not just European ones. That means that YOUR shop needs to be GDPR-compliant if you have European customers or website visitors.
As fines for breaking GDPR can go up to 20 million euros (yes, really), very few companies can afford to take GDPR lightly. So here's what you need to do:
4. Make sure you have separate active opt-in fields (not pre-checked) for giving you permission to use information such as email addresses or mobile phone numbers for marketing or any purpose other than fulfilling the order.
5. Make sure you have a system in place for sending people copies of the data you hold on them on request. (Manual handling of email requests is fine to begin with.)
This is a good place to start, but GDPR compliance is much more than a few easy(ish) tweaks. In fact, it is a matter of adapting your entire business to putting the customer first and ensuring that customer data is handled with care and respect.
One of the most important aspects is how securely data is stored. You need European or Privacy Shield-certified hosting and storage partners, and you need valid data protection agreements with all providers of systems in which customer data is processed. That means Shopify, Oberlo, Google and others. Most suppliers are currently reworking their terms of service to comply with GDPR requirements, so make sure you accept the new terms.
This article is not exhaustive GDPR advice. Please seek professional legal advice for further GDPR compliance strategies.