As you may already know, the new General Data Protection Regulation (GDPR) will become enforceable on May 25th, 2018. This means there are some major changes happening in the world of online retail. With that, you need not only to prepare, but to be ready to rock and roll when the GDPR goes into effect. To make the transition a little easier for you, we created this list of things you should consider before the big day.
The Early Bird Gets the Worm
The sooner you start preparing for the changes that come with GDPR, the better. The first step is making sure those within your business or organization are aware of how GDPR will impact your operations and of the ways you can all prepare. Next, you’ll want to identify any risk factors, should they exist.
Hire a GDPR Accountability Coach (aka Data Protection Officer)
Adapting to the new GDPR standards may include adopting the role of a Data Protection Officer within your organization. Think of a Data Protection Officer as a GDPR accountability coach. Their role would be to ensure GDPR compliance and help set guidelines should there be a data breach within the organization. In short, they help keep your business accountable for adhering to standards, policies, and guidelines enforced by GDPR.
Work with What (Data) You’ve Got
In order to comply with the GDPR’s accountability principles, you’ll want to audit any existing data you already have. You must be able to identify the accuracy (or inaccuracy) of the information you not only have, but have shared with other businesses or organizations. Pinpointing the who, what, where, when, why, and how of storing and sharing data will help you establish the organizational processes required by GDPR.
Give Your Privacy Policies a Makeover
Under GDPR, new considerations may have to be written into current privacy policies and notices. These considerations are intended to make privacy notices clear and understandable, especially to children. Be sure that your privacy notices and policies include all the necessary elements to be GDPR compliant. (Click here for more information on privacy notices under GDPR.)
Did they say ‘I Do’?
Further steps should be taken into consideration for obtaining consent to collect data, especially with regard to consent from children. Consent within the scope of GDPR is important because it directly impacts how online retailers advertise to consumers within the EU. Without consent to collect, store, use, and share personal data, you will be directly violating the GDPR standards.
The Right to Remain Anonymous
Under GDPR, consumers (your customers) have the right to remain anonymous. They can do this by requesting that any of their personal data be removed from your systems. Anything from the email used to make a purchase, to name and address, and even their IP addresses can be requested for removal. You have to be ready to do this, which is why an information audit system is not only important, but highly suggested.
Whether you’re a big-time retailer or a small business with a modest number of loyal customers, as long as you have EU customers, you need GDPR compliance. Identify any risk factors, implement necessary measures, and make all the essential changes. The sooner you start, the better it is for your business.