The intention of this article is to recommend a set of actions for your eCommerce business that will make your website General Data Protection Regulation (GDPR) compliant. We suggest all store owners read through and contact our NetSuite eCommerce if you need assistance on any of the points stated below.
What is GDPR?
GDPR stands for General Data Protection Regulation and is no more than a set of rules on how EU customer’s data must be managed. It’s applicable to large and small-sized businesses that offer products or services that manipulate EU citizen information. This means that if your store is open for them, then, you will be required to be GDPR compliant, no matter if you are located in Europe, North America, or any other part of the world.
GDPR regulation is a large document valid since 2018, and as many regulations have many vague points, we want to keep it simple for you and point out a practical checklist of to-do’s (now, if you want to dive into the source, be our guest!).
1. Add a cookie consent bar
Convey your customers that your site requires cookies for a better experience. Clicking the “Accept” button on the banner allows cookies to work, and therefore to track and store your user’s data. It is recommended as well to have a link to your Privacy Policy within the bar, so shoppers can learn more about your intentions and even deactivate cookies from this page. See how to integrate your cookie consent bar with GTM.
2. Move your tracking codes to GTM
Tools such as Google Analytics, Google AdWords, Facebook, Mail Chimp, Bronto, and others are well aware of the new policy and expect to have their business GDPR compliant by the 25th of this month. Nevertheless, your integrations must be manipulated, and moving all your third-party code within the Google Tag Manager is the best choice, so when your customers give their consent all your tracking codes will be centralized and activated at once.
3. Opt-out ability for users
Allow your users to be able to “unsubscribe” either by presenting a link on My Account or on your email communications. Also, do not assume what your users want – as an example, avoid pre-ticked boxes or fine print consenting things.
4. Make your intentions clear
Collect only the necessary information from your users throughout the shopping experience. If you really need to collect specific data, be clear on what you need it for. No sneaky stuff is allowed!
5. Update Privacy Policy and T&C pages
Your Privacy Policy and Terms & Conditions pages are the best place to accurately inform your customers on how your business manages their personal data in regards to the GDPR compliance. Here is a list of things you could consider to communicate:
- What information is being collected?
- Who is collecting it?
- Why and how is it being collected?
- Why is it being collected?
- How will it be used?
- Who will it be shared with?
- What will be the effect of this on the individuals concerned?
- Is the intended use likely to cause individuals to object or complain?
6. Data encryption & certification badges
Protect your user’s personal data and tell them you are doing so. Make sure information is encrypted (NetSuite is taking care of that) and indicate so on your website. Add that you support data protection, buyer protection, and SSL encryption. Displaying a certification badge on your homepage footer or email template could be a good idea.
