GDPR for eCommerce - Do You Need to Comply?

Posted on 4 May, 2018

The buzz is about GDPR and I am quite sure that if you own a website, it is on your mind all the time. When you do business online and worldwide, you need to be apprised of relevant laws.

GDPR, which stands for General Data Protection Regulation, is a data protection law passed in the EU in 2016. It focuses more on the personal data protection rights that were drafted in the 1995 Data Protection Directive.

This policy will come into effect from 25th May 2018, and it will have a considerable impact on your business if you operate it in the EU and if you have customers in the EU. So, regardless of the location of your business, you need to ensure that your system is in order with GDPR laws.

The GDPR laws will affect global commerce in a big way, reforming the way business is done worldwide. Previously, when a customer visited a website, cookies were placed with a notification that their personal data would be used. But as per this law, customers will have to be explicitly asked if they want their data to be used.

What Rights Do Customers Get? 

‘Customer is the king’ will now prove true in a real sense. With the GDPR laws, your customers will own their data and it will no longer be ‘your’ data.

If you have a business, you need to take care that you do not store data of any European citizen without their consent, or you might face the consequences.

Also, as per the laws of GDPR, it is you who is answerable for the protection of the user’s data, and you need to ensure that their data is accessible to them.

If you possess any data of an EU citizen and they demand that you delete all their data, you will be legally obligated to do that under the strict GDPR law. They can also demand to know exactly how much and what data you hold that is pertinent to them. In case of any inaccurate personal data, customers have a right to get it rectified.

GDPR also gives customers the right to port their data to another organization.

This implies that EU citizens can access, rectify, transfer, and even delete their data anytime. If you have some personal data of EU citizens, then this law is applicable to you as well. So, all the GDPR laws boil down to leaving you with no option other than obeying your customers when it comes to their data.

What Constitutes Personal Data?

After the declaration of the GDPR, there was a dilemma as to what constitutes personal data. According to Article 4:

"‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person."

To sum it up, if the data you possess helps you reach an EU citizen directly or indirectly, then that data can be considered personal data.

How Does GDPR Affect Your eCommerce Store?

Collecting and storing data of website users is vital, as this data can be used for marketing purposes and for enhanced functioning of your website. With the introduction of GDPR, it has become mandatory to get the explicit consent of your customers before using their data.

You need to be completely transparent with your customers, and customers alone will be in control of their data. Before you access their data, they need to be informed about the purpose of that data usage, where it will be stored, and whether it will be shared with third parties and, if yes, which parties those will be. There should be no pre-checked boxes while collecting the data.

You need to ensure that the communication process between you and your customer is easy and that whatever you convey to your customer is clear. The form for the details to be filled in must be presented in a “concise, transparent, intelligible and easily accessible form, using clear and plain language” as per the rules and regulations. Customers can file a complaint against organizations which do not comply with the GDPR rules.

Along with all of this, you need to keep a check on the following:

  • Does your privacy policy need to be updated?
  • Do you need to take consent from your customers for processing their data and, if yes, how will that be done in compliance with the GDPR?
  • Will you comply with the rights your customers have under GDPR?
  • Do you use third-party applications and, if yes, do those apps comply with GDPR rules and regulations?

What Are The Consequences Of Non-compliance With The GDPR Law?

GDPR complaints can be filed by any EU citizen in case of non-compliance with the laws. Also, the supervisory authorities in EU member nations can file a complaint against an organization.

In case of non-compliance with GDPR, organizations will face serious consequences. As per the regulations of GDPR, they can be fined up to 20 million euros or 4% of their global revenue. This fine will hurt organizations badly, as it is mandatory for every organization to follow the GDPR rules.


All of this comes down to fair treatment of customers by giving them complete rights to their data. GDPR, in spite of its serious consequences, plays no negative role for sellers; it just gives customers the rights they deserve. So, before these laws come into action, consult a person who is well acquainted with the data protection laws and can help you bridge the gap between the current protection policies and the GDPR laws.

Rajal Barbhaya, Content Marketer

