This article recommends a set of actions for your eCommerce business that will make your website General Data Protection Regulation (GDPR) compliant. We suggest all store owners read through it and contact our NetSuite eCommerce team if you need assistance with any of the points stated below.
GDPR stands for General Data Protection Regulation and is no more than a set of rules on how EU customers’ data must be managed. It applies to businesses large and small that offer products or services that handle EU citizens’ information. This means that if your store is open to them, you are required to be GDPR compliant, no matter whether you are located in Europe, North America, or any other part of the world.
The GDPR is a large document, in effect since 2018, and like many regulations it has many vague points. We want to keep it simple for you and point out a practical checklist of to-dos (now, if you want to dive into the source, be our guest!).
Tell your customers that your site requires cookies for a better experience. Clicking the “Accept” button on the banner allows cookies to work, and therefore to track and store your users’ data. It is also recommended to have a link to your Privacy Policy within the bar, so shoppers can learn more about your intentions and even deactivate cookies from this page. See how to integrate your cookie consent bar with GTM.
Tools such as Google Analytics, Google AdWords, Facebook, Mail Chimp, Bronto, and others are well aware of the new policy and expect to have their business GDPR compliant by the 25th of this month. Nevertheless, your integrations must be adjusted, and moving all your third-party code into Google Tag Manager is the best choice, so that when your customers give their consent, all your tracking codes are centralized and activated at once.
Allow your users to “unsubscribe”, either through a link in My Account or in your email communications. Also, do not assume what your users want: for example, avoid pre-ticked boxes and consent buried in fine print.
Collect only the necessary information from your users throughout the shopping experience. If you really need to collect specific data, be clear on what you need it for. No sneaky stuff is allowed!
Your Privacy Policy and Terms & Conditions pages are the best place to accurately inform your customers about how your business manages their personal data with regard to GDPR compliance. Here is a list of things you could consider communicating:
Protect your users’ personal data and tell them you are doing so. Make sure information is encrypted (NetSuite is taking care of that) and indicate so on your website. Add that you support data protection, buyer protection, and SSL encryption. Displaying a certification badge on your homepage footer or email template could be a good idea.