How the new data protection law affects my online store

If you have been online in recent weeks, you will have seen that a huge number of web pages and applications (social networks, e-commerce and services of all kinds) are launching pop-ups asking you to accept their new privacy policy. This is happening in the midst of a media storm following the Facebook and Cambridge Analytica data breach scandal, but the reason is different: the RGPD, or General Data Protection Regulation. So today I want to explain how the new data protection law affects an online store.

This new European regulation was published in May 2016 and will come into force as of May 25, replacing the Organic Law on Data Protection (LOPD). Practically no web page is unaffected, no matter what type it is, from any blog to Facebook itself.

To whom the new data protection law applies

The new law affects practically any entity that operates within the European Union and manages data from its users, be it a physical or digital company. That is, everyone!

Those affected are:

  • Organizations with physical presence in at least one country of the European Union.
  • Organizations that store or manage data on residents of the European Union.
  • Organizations that use third-party services that store or manage data on residents of the European Union.

This means that if you have any type of form in the contact section, a subscription form for your newsletter, or even a basic form in any corner of your website in which any EU user leaves their email address, the law affects you. In fact, even if your website or online store is from Latin America and has traffic from Europe, it also affects you. Obviously, if you are an online store that handles your customers' payment data (credit cards), the matter is much more delicate.

Penalties of up to 20 million euros

Yes, yes, you read that correctly. Failure to comply with these rules carries much harsher penalties than before, which can go up to 20 million euros (the law provides for fines of up to 4% of annual turnover). This dwarfs the sanctions of up to €600,000 provided for by the current law.

What's new in the RGPD

To give you an idea, the most important novelty is that you can no longer work with third-party databases. The definition of personal information is also extended: any data that we request and that is not directly related to our activity will fall into this category.

In addition, it contemplates greater protection for individuals:

  • Right to be informed: we must offer more transparency on how personal data will be used.
  • Right to access: it is necessary to provide each user with access to their data and explain how it is used.
  • Right to rectification: any incorrect information must be able to be corrected.
  • Right to be deleted: the data must be deleted if there is no good reason to store it.
  • Right to restrict processing: the user can allow us to store their data, but not to use it.
  • Right to data portability: the user has the right to make copies of their data to be used elsewhere.
  • Right to object: the user can now object to certain uses of their data so that it is not used for certain purposes.

How it affects, in practice, an e-commerce

The new data protection law implies that the following practices can no longer be carried out under any circumstances:

  • Send emails to people who have not actively requested to be on our list.
  • Buy lists from third parties or merge lists of different companies.
  • Send automatic emails to recover abandoned carts or report offers, unless the buyer has given express permission.
  • Refuse to provide customers with their personal information if requested.
  • Send messages through SMS.

This is important: to comply with the new law, you must adapt your forms and eliminate the automatic opt-ins. Correct all the forms in which you have activated, by default, the box “I subscribe to the newsletter” or “I accept the privacy policy”. The user must give their consent voluntarily and manually. In addition, next to the box you must inform the user about the main aspects of the processing of their data, together with a link to a page with the complete information.