The General Data Protection Regulation is not a revolution but it represents a big change for retailers. ~ Giovanni Buttarelli
One of the best things about eCommerce is that it allows even a small enterprise to expand its reach beyond its borders. The recent boost in the industry has brought the entire globe to the fingertips of e-sellers. However, trading across borders comes with its own complexity. The General Data Protection Regulation of the European Union is the latest concern of the industry.
It is mandatory for all eCommerce businesses that collect or process the data of EU citizens to comply with the new law. Even a company that is not part of the EU but deals in the personal details of EU citizens is required to adapt to the GDPR. Is the concept of GDPR bugging you? Then let us start with the basics.
GDPR is the new data privacy law of the European Union. The law can impact the ways in which companies collect and handle the personal data of their customers. GDPR will come into force throughout the European Union on May 25, 2018. GDPR will replace existing data protection laws. The introduction of the regulation will bring about significant changes and will have a wide impact on organizations worldwide that collect and use customers’ data.
If a company fails to comply with the legislation, it will be fined 4% of turnover or 20 Million Euro, whichever amount is higher. In case of a data breach, the company should report it within 72 hours. Such a company can demonstrate its security and data privacy procedures at a moment’s notice.
In short, GDPR gives more rights to the customers on their personal data. People will now get the right to access, correct, delete, and restrict the processing of their data.
Listed below are some of the rights that the customers will get once this law comes into force.
The right of access to personal data – The customers can retrieve their personal details that the eCommerce store has by sending a request for the same.
Right to erasure – The customers get an option to have their data anonymized/deleted from the database of the eCommerce site.
Right to data portability – This right lets the customers export their account data in a CSV format and have it transferred to another data processor.
Email Opt-ins in Form – A lot of companies use a pre-checked ‘Policy acceptance’ box in order to gain the consent of the users. When the customer registers or checks out from the site with the pre-checked box, the site gets permission to use their personal details. This silent or soft opt-in will not be acceptable as GDPR consent after the commencement of the law. Your website forms should ask the customers to check the boxes themselves and so give you their permission.
Right to restrict processing – This option allows the customers to restrict the site from using their personal details any further for any purpose.
Right to be Informed – The companies need to inform the customers what they are planning to do with the data at the time of collecting their information. The details of ‘where that data will be processed’, ‘how long you plan to hold on to the data’, ‘the details of their rights under the GDPR’ and other related details should be clearly written in simple language. In short (under Article 13), you need to specify the source and purpose of collecting the customer’s personal data.
Right of Data Rectification – (Under Article 16) The customers can request the rectification of their data if required. You need to know everywhere in the organization where the personal data of an individual is saved, so that it can be updated if requested by the customer. You should stay aware of the third parties that are sharing the information. If a rectification request is initiated by the customer, you’ll have to inform the third parties to rectify the same.
Right to Object – If the customer objects, the company should immediately stop direct marketing. Ensuring that a person is not marketed to is a non-trivial undertaking. Hence, it can probably be achieved by a centralized CRM or by creating a single master list of objectors that all systems can refer to.
Rights relating to automated decision-making and profiling – (Article 22) The processes that use profiling must also allow manual override.
GDPR makes it the responsibility of the site to protect the data of the customers. The organization has to make sure that the store visitors, as well as the customers, can exercise all the rights they have. In order to do this, the eCommerce sites are required to provide a dedicated GDPR account page to the customer. For the Prestashop eCommerce store owners, Knowband offers an easy means to incorporate such a page on their site.
The Prestashop GDPR addon allows the store admin to add a webpage on their site through which the customers can exercise all their rights. With the help of the Prestashop GDPR extension, the customers can request a report of their personal data, ask the admin to rectify or delete the data, or limit the site's access to the details.
The features offered by the Prestashop GDPR individual right plugin are mentioned below:
Right to Access Data: The Prestashop GDPR extension optimizes the eCommerce site and offers a feature to the site’s customers to access the data saved. The customers can request the site to provide the details of their personal information that is saved in the database of the site.
Right to Data Portability: The customers can even request the site to take the data saved with your Prestashop site elsewhere.
Right to be Forgotten: With Prestashop GDPR module, the customers can request the site to delete their personal details from the database.
Right to Rectification: The Prestashop GDPR addon even allows the customers to update the data if necessary.
Right to Restrict Processing (Coming Soon): This feature allows them to restrict the processing of the data. If the customer denies, the site will not be allowed to process the personal data of the customer.
Having discussed the basics of GDPR and the ways Prestashop GDPR extension helps you, it is now time to discuss the impact it can have on the eCommerce industry.
GDPR can turn out to be a real game-changer for the eCommerce industry. The online shopping sites collect a wide range of personal data.
The GDPR applies to every company that processes personal data. Even if an organization is established outside the European Union, if it is engaged in any sort of trading with any individual in the EU, it will have to comply with the data protection law. The Prestashop GDPR plugin allows you to incorporate the basic features offered to the customers regardless of your location.
Legal Basis for processing the data
The eCommerce companies, regardless of the place from where they operate, will have to identify a legal ground for using the data. Valid consent of the customers is required before the companies process their personal details. As mentioned above, the pre-ticked opt-ins will no longer be acceptable. Hence, the store owners are required to change the UI accordingly.
Transparency in data collection and handling
Under the GDPR, the companies are required to keep the entire process transparent. The eCommerce companies are required to specify the source from where they have obtained the personal details of the customers. Information must be provided about the third-parties with whom the data is being shared. Not just this, the eCommerce companies will have to provide data privacy notices at the time the data are being obtained.
The General Data Protection Regulation empowers the customers of online shopping sites to have better control over their personal details. Under the new rule, the customers can ask for the details that the company holds about them. The customers can even ask the site to delete the information or restrict the site from using it. The eCommerce companies have to adapt their sites for all these rights. The Prestashop GDPR module is one of the ways that can help these companies stay in sync with the new rules.
Prestashop GDPR is one of the ways for Prestashop store owners to optimize their sites accordingly. It is high time that the companies that deal in the EU, or are planning to, kick off their GDPR compliance.