by Irina Ciutaco
April 21, 2022
The EU data privacy law that took effect on 25th May 2018 is designed to allow people to control how their data is used and protected online. It also governs how organisations may use and secure the personal data they collect from individuals, including the obligatory use of technical safeguards such as encryption, and it sets higher legal thresholds. Organisations that do not follow these regulations face penalties of up to 4% of their global revenue or €20 million.
GDPR compliance in eCommerce guarantees protection of, and control over, personal data whenever it is collected, used or sold. Needless to say, the purpose of the GDPR is to protect the data of visitors who are European citizens. Moreover, the GDPR applies to any organisation that holds this kind of data, whether the organisation is based in Europe or not. This is also known as the “extra-territorial” effect.
1. Privacy policy page
There is no doubt that the privacy policy page should always be accessible on your website, and it must be available every time you store data about users. A privacy policy is a legal document that shows how and why you collect people's data, and it should be available to users whenever their data is collected. The information that must appear in the privacy policy is set out in Articles 13 and 14 of the GDPR: a company that stores individuals' data must state who it shares the data with, how it protects it, on what legal basis it is allowed to process it, and what rights people have.
Furthermore, GDPR compliance for SaaS companies requires that users are 100% in charge of their data. Companies use designs known as “dark patterns” that get more than 90% of users to click the “accept” button, while the statistics show that just 3% are actually willing to agree. To counteract this behaviour, Noyb launched the second round of its campaign, as a follow-up to the first instalment, which went live in May 2021. Another 270 draft complaints have been sent to website operators whose banners do not fully comply with the GDPR. Since Noyb published guidelines for companies, more and more eCommerce brands have implemented compliant banners and improved their status.
What you should do:
As a GDPR compliance to-do task for eCommerce, you should inform your customers about the purpose of your cookies and trackers before setting anything other than the strictly necessary cookies.
In practice, GDPR compliance for eCommerce is usually demonstrated through a landing page that requires customers to either approve or decline your request to use their data. Most retailers take an “all or nothing” approach: either shoppers approve every way in which you store and use their data, or they decline. If they approve, the shopper goes on to use your complete site. If they decline, they are blocked.
4. Make website adjustments
There is no doubt that this is a mandatory part of GDPR compliance for eCommerce, and it is a very delicate topic, in particular for developers and marketers.
In fairness, only 80% of the issues can be sorted out by changing the forms and obtaining consent for cookies.
For example, on the Kooomo website, you can discover the GDPR landing page, and find more information regarding the way we store the data of our customers.
5. Opt-In Forms
How Kooomo can help
Our servers are hosted in Europe and we do not share any third-party data outside of Europe. We follow strict guidelines on how to handle personal data. For more information, follow this link.
As we have seen above, GDPR compliance in eCommerce requires a lot of knowledge and preparation. Kooomo facilitates this whole process and provides you with 100% GDPR compliant software.