How do I become GDPR Compliant?

messiah

Free Member
Apr 18, 2015
62
4
36
I've only just been made aware of this and now I'm beginning to panic a little...

I own a small eCommerce store and am the only employee. Hiring a legal expert is simply out of the question.

I've done a bunch of reading but I cannot find anything I need to do, in layman's terms, for how to become compliant.

Can anyone advise me here?
 
We have put together a guide on our website ( /guides/website-design/website-gdpr-2018-ready/ ). We can't put the whole URL up as we are not allowed. It should explain to you what you need to think about.

Firstly you need to do an audit: What information are you collecting, who are you sharing that information with, and how is it being stored? As long as you are not collecting sensitive personal information it makes it relatively easy. Ordering can be seen as implied consent, and the info you will be collecting, although personal, is not sensitive.

If you are using newsletters or passing info to third parties you will need explicit consent, i.e. they will have to tick the box, not be presented with a box already ticked.

You will also need to take into account any visitor tracking data that is being collected by the likes of Google Analytics. IP addresses are regarded as personal data. Google has features to anonymise this data.

Your e-commerce platform has probably taken steps already to make it GDPR compliant, so you will need to look into this.

Lastly you need a privacy policy separate from your general terms and conditions: one for cookies and one for your handling of data. It needs to state how people can request their data and also how they can request to have it deleted.

Start with an Audit. This will give you some structure to work with.
@OMGVape it is because it is a way to track people and so collect additional data. We don't make up the rules. It seems that IPs are going to be classed as personal data.

The thing is that the GDPR legislation is actually a bit vague. It is also untested. There are certainly some grey areas around what can have implied or explicit consent. Err on the side of caution.

messiah

Free Member
Apr 18, 2015

Thanks for all the info!

Is the guide you mentioned here on UKB or is it a site you're personally affiliated with?

As for the suggestion of an audit on what info I'm collecting and where it's being stored (this appears to be very straightforward): it's all stored on Shopify and MailChimp. I have never shared, and have no intention of ever sharing, any info with a 3rd party. I believe it's always stated so in the privacy policy.

99% of my email list has been built solely from when someone places an order with us, although the opt-in box has always come pre-ticked. Will I need to change this?

Also, will I need to request explicit permission/opt-in from my current list to continue holding their info?