GDPR is set to come into force in May 2018, meaning there are new rules on how companies handle customers’ personal data. It’s especially important for Magento merchants, who deal with personal data on a daily basis.
Fail to comply, and you could face a financial penalty of up to €20 million or 4% of worldwide annual turnover, whichever is higher. Fortunately, we’ve got the information you need to prepare.
Read on as we look at what will change and how Magento merchants can prepare…
Updating the rules
The UK may have voted to leave the EU, but until March 2019, the scheduled date of departure, we’re still subject to new EU legislation. One such change is the General Data Protection Regulation (GDPR), which applies from May 25th 2018.
Adopted in 2016, GDPR replaces the EU’s 1995 Data Protection Directive (95/46/EC). It also covers much the same ground as the UK’s 1998 Data Protection Act (DPA), which sets out how UK companies can use personal data.
To clarify, ‘personal data’ means any information relating to an identified or identifiable person: names, postal and email addresses, phone numbers, account and order details, and online identifiers such as IP addresses and cookie IDs. If it can be used to single someone out, or it tells you something about an identifiable person, it is covered.
What exactly is changing?
The main difference with GDPR is accountability. The 1995 Directive and the DPA set conditions for how data is obtained, processed and transferred, with rules on consent and confidentiality, but their legal duties fell almost entirely on controllers. GDPR goes one step further, placing direct legal obligations on processors as well as controllers, and requiring both to be able to show they are meeting them.
A controller is a company or individual who decides why and how personal data is used, while a processor is a person or company that processes data on the controller’s behalf (a hosting provider or an email marketing service, for example). Both carry far more legal liability for protecting this data under the new regulations, so both can be held accountable for a breach.
Proof of adherence
Controllers are also obliged to have written contracts with their processors that meet GDPR’s requirements, so they cannot simply point the finger of blame when a processor gets it wrong. And, unlike before, it’s not enough to say the rules have been followed. Companies and individuals must be able to demonstrate compliance, with records of staff training, of the processing they carry out and of the decisions behind it every step of the way.
So, Magento merchants need to show how they’re adhering to the new rules. The Information Commissioner’s Office (ICO), the UK regulator, recommends the following steps:
- Ensure decision makers and key people are aware of the changes
- Document all personal data you hold, where it came from and who it’s shared with
- Review your privacy notices and make any changes ready for the start of GDPR on May 25th
- Check your procedures cover individuals’ rights, including access to their data, correction, erasure (the ‘right to be forgotten’) and data portability
- Plan how you will meet GDPR’s timescales for responding to individuals, for example one month to answer a subject access request
- Identify the lawful basis that justifies any data processing your company undertakes
- Review how you seek, record and manage consent. Refresh consent before May 25th if what you hold doesn’t meet the new standard: pre-ticked boxes, silence and consent bundled into terms and conditions no longer count
- Consider whether you need age verification or parental consent before collecting data from children (GDPR sets the threshold at 16, though member states may lower it to as low as 13)
- Prepare your procedures for detecting, reporting and investigating personal data breaches. A breach likely to put individuals at risk must be reported to the ICO within 72 hours of you becoming aware of it
Don’t fall behind
Whether it’s new regulations or fresh ecommerce trends, Bing Digital will keep your ecommerce store at the forefront of change.
We are a team of Magento-certified developers with an abundance of experience and ecommerce expertise. Our specialist developers can provide you with an ecommerce store tailored to your business, that works perfectly and drives sales. Contact us today to discuss your project.