In this article, we will provide a list of frequently asked questions related to the General Data Protection Regulation (GDPR) for ecommerce businesses.
The GDPR is a regulation in the European Union (EU) that governs the collection, storage, and use of personal data.
Have a look at our 11 steps for GDPR implementation.
With the increasing amount of personal data being collected and processed by ecommerce businesses, it is important to understand the requirements of the GDPR and how it applies to your business.
The questions covered in this article will provide a basic understanding of the GDPR and its implications for ecommerce businesses.
Questions you need to ask yourself related to GDPR
Which of the following best describes your company’s industry?
How many people work at your company?
Do you offer your products and/or services to people located in the European Union?
Do you collect information on your clients? (for example, their name, email address, credit card)
Is the client data that you collect encrypted?
Do you only collect the client data that you absolutely need? (data minimisation)
When collecting your clients' data, do you ask for their permission (consent) and state how you will use it?
If one of your clients changes their mind and no longer wants you to keep their data, is this easy to undo?
Do you have a global view of all the data you collect and process? Has there ever been a record made of this?
How complete is this data inventory?
Do you have a specific process to make sure your clients have the ability to transfer their data to another provider? (data portability)
Do you know if you need a Data Protection Officer or not for your company? (Someone responsible for ensuring data protection compliance).
Which describes your company best?
Have you put in place a data breach notification plan?
How many third-party providers do you work with? (Hosting service, emailing solution, CRM system etc.)
Have you checked if your third-party providers are GDPR compliant?
Have you provided any training, or hosted any workshops / presentations about data protection to bring your team up to speed?
Have you updated your privacy policy? (or other online documentation available to the public)
Answer these questions and make a list of the actions you need to take. GDPR compliance is an ongoing responsibility, and you need to start on it immediately.