What is GDPR
GDPR is the General Data Protection Regulation. It’s a regulation brought in by the EU, essentially it forces companies that use customers personal data to state how they process this data in clear and plain language.
What Is Considered Personal Data
Personal Data is any information that can be used to identify you. This includes biographical information such as your name, your address, your date of birth, gender and more. Other types of information that is considered personal data would be any form of contact information, including email addresses or phone number. Other types of personal data covered by GDPR is payment information, photos of you or your property and information collected when you contact a business.
How Will This Affect Ecommerce
GDPR has a major effect on Ecommerce businesses selling in Europe, regardless of the size of the business. Unfortunately GDPR is a lot to take in and can be rather daunting for small businesses (and even big businesses.) Thankfully there is a way to break GDPR down into 7 simplified principles
- Lawfulness, Transparency and Fairness.
Potentially the most important principle of GDPR. This principle enforces all organisations that comply with GDPR to be clear about any data they collect & why they are collecting it. It also means that if a data subject requests further information on the data collected on them then the organisation is bound to comply in a timely manner.
- Purpose Limitation
This principle means that businesses must have a legitimate and specific reason for collecting data. This also means that the data can only be used for the purpose it was collected for unless the data subject has given consent for it to be used further.
- Data Minimisation
This principle means that the data collected must be ” adequate, relevant and limited to what is necessary in relation to the purpose for which they are processed” this means that businesses should only store the minimum amount of data required for their purpose
This means that any personal data must be update to ensure it is accurate. This means that if you’re unsure if the data is accurate or think it may be outdated you must erase it.
- Storage Limitation
Essentially this section of GDPR requires businesses to erase any personal data that is no longer required unless you have a genuine or legal reason to continue to store it. There is no set limit for how long you are able to keep data so it is down to businesses themselves to determine a time frame for this.
- Integrity and Confidentiality
This principle enforces businesses to take all the appropriate security measures in order to protect any personal data they have stored. This applies to both external security threats and internal threats such as unauthorised access. GDPR does not provide exact security standards to follow, only mentioning that businesses must take the appropriate measures.
This is the newest principle of the 7. It ensures that businesses take accountability for any personal data they store and that they are complying with the 6 other principles. This means businesses must be able to provide evidence they are GDPR compliant.
If you would like to have a more in-depth look into GDPR you can find the full document here .