The current measures to protect customer privacy in the European Union will change this year. Ecommerce businesses will have to comply with new regulations that will come into effect on May 25, 2018. The General Data Protection Regulation, or GDPR, will establish new standards in the way companies handle data on their customers. eCommerce regulations are no exception: if you sell products to customers from Europe, you will have to prepare your systems for a big change.



Customer data has become one of the major assets for any eCommerce business. Regulatory bodies took their time preparing relevant provisions that aim to replace outdated data protection measures that go back to the year 1995. The eCommerce landscape changes all the time, requiring constant reviews of active policies.

Read also: eCommerce Security issues: how does penetration testing stand out among other solutions and tools?

eCommerce stores collect vast amounts of data on their customers, affecting customer privacy to some extent. Contact information, IP address, and Social Security Number are just some of data that is taken from customers. Online consumers are not aware which information is used: users cannot follow which piece of information is collected. Because of this, the GDPR’s initiative is to provide consumers with a countermeasure that will guarantee the respect of fundamental rights of every online shopper.

How exactly does the new law change the eCommerce privacy policy?

The GDPR aims to reinforce the existing ideas of how online stores secure online visitors. It introduces new requirements as well. No matter how small or big your online business is, this will affect your relationships with EU-based customers. What is the right way to prepare for the changes? With the deadline just around the corner, there are certain steps that need to be taken to comply with the new regulations.

As a merchant, you will have to consider top issues that the GDPR affects. If you fail to comply, you may face heavy fines. Reputational damage is also one of the consequences: new regulations have a strict approach to data breach and its consequences.

Prepare for a security breach

If you experience a security breach, the GDPR is expected to require you to alert affected users within a 3 day period. This implies a great deal of preparation for your online business, as a data breach report is a time-consuming task. You will have to review your current plans for how you respond to a security breach.

A swift flow of data should become a top priority for your eCommerce store. In case of a security leak, get ready to generate reports within a short time period.

Appoint a Data Protection Officer

The GDPR aims to establish tight relationships between a merchant and regulatory bodies. The new approach to customer data requires new positions and roles in your company. Any online business is expected to appoint a Data Protection Officer (a DPO) to comply with the GDPR.

The expert is supposed to review existing approaches to data collection and processing. You have to consider whether it is necessary for your business to appoint someone to this position before May 25.

Change how you collect the personal data of European citizens

The amount of personal data about customers is rather vast. The GDPR requires online businesses to establish a security system that will ensure data protection.



The GDPR advises businesses to store the information in a portable, readable format. Any online retailer operating in Europe should prepare a unified form with every bite of data about customers.

Easy access to sensitive data about your customers for the subjects of this data is one of the major changes your business may face. You will have to allow third-party officials to access the information as quickly as possible.

You might need to modify the way you process and store the data. Personal data requests could become a new routine after May 25.

Do you collect consent in Europe on your Shopify store correctly?

Under the GDPR, eCommerce stores like Shopify might change or review their existing approaches to the collection of consent from customers in Europe. Marketing campaigns are one of the major assets for your company that give you a competitive edge over rivals. However, the new regulation states that consent should be given freely and with no ambiguity. If you use third-party apps that collect personal information as well as consent, you might need to inform your customers in new, more obvious ways.

Read also: Best Shopify Stores for your Inspiration

Parental consent should be collected in adequate forms under the GDPR. Users under the age of 16 should be treated differently from adults, requiring parental consent, or even a complete stop to data collection for these users.

Consult experts and expert resources to comply

The exact tasks to better prepare for the new changes under the GDPR are not easy to undertake. You will have to consult an expert in the data security field. Even with the availability of online resources, unclear articles about the new regulations may cause confusion. Meeting an expert will guarantee successful compliance with the new regulations.

However, there are available resources that you as an eCommerce merchant might consider taking a look at. Here are some of them:


Shopify terms of service will change

Current interpretations of the GDPR still leave much room for doubt. We are working on materials that will prepare eCommerce merchants for the GDPR. Make sure you are aware of the new terms of service, which will affect Shopify merchants as well as other online retailers. More informational materials are coming soon.


Category: Product News