The intention of this article is to recommend a set of actions for your eCommerce business that will make your website GDPR compliant. We suggest all store owners read it through and contact us if you need assistance on any of the points stated below.
What is GDPR?
GDPR stands for General Data Protection Regulation and is no more than a set of rules on how EU customers' data must be managed. It becomes effective May 25th, 2018 worldwide and applies to large and small businesses alike that offer products or services which handle EU citizens' information. This means that if your store is open to them, you will be required to be GDPR compliant, whether you are located in Europe, North America or any other part of the world.
The GDPR regulation is an 88-page document which, like many regulations, has many vague points, so we want to keep it simple for you and lay out a practical checklist of to-dos (if you want to dive into the source, be our guest!).
1. Add a cookie consent bar
Tell your customers that your site uses cookies for a better experience. Clicking the “Accept” button on the banner allows cookies to be set, and therefore lets you track and store your users' data. It is also recommended to link to your Privacy Policy from the bar, so shoppers can learn more about your intentions and even deactivate cookies from that page. See how to integrate your cookie consent bar with GTM.
2. Move your tracking codes to GTM
Tools such as Google Analytics, Google AdWords, Facebook, MailChimp, Bronto and others are well aware of the new regulation and expect to be GDPR compliant themselves by the 25th of this month. Nevertheless, your own integrations still need to be adjusted, and moving all your third-party code into Google Tag Manager is the best choice: once your customers give their consent, all your tracking codes are centralized and can be activated at once, and none of them fire before that.
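The consent gate behind steps 1 and 2, as an added example that is not code from this article or from NetSuite: it treats anything other than an explicit, current "accept" as no consent, and releases the GTM-managed tags with a single dataLayer event. The cookie name "cookie_consent", its "decision.version" value format and the GTM trigger event "consent_granted" are assumptions for the example.

```javascript
// Consent gate for GTM-managed tags (added example, not the article's or NetSuite's code).
// Assumed: consent is kept in a cookie "cookie_consent" (hypothetical name) as
// "<decision>.<policyVersion>", and every analytics/marketing tag in GTM fires only
// on the custom event "consent_granted", never on the default "All Pages" trigger.
const CONSENT_COOKIE = "cookie_consent"; // assumed cookie name
const POLICY_VERSION = 1;                // bump when the Privacy Policy changes
// Turn an "a=1; b=2" cookie header string into a plain object.
function parseCookies(cookieString) {
  const out = {};
  for (const part of (cookieString || "").split(";")) {
    const idx = part.indexOf("=");
    if (idx < 1) continue;
    out[part.slice(0, idx).trim()] = part.slice(idx + 1).trim();
  }
  return out;
}
// True only for an explicit "accept" under the current policy version. Missing,
// malformed, rejected or out-of-date values all mean "no consent": tracking stays
// off by default, the opposite of a pre-ticked box.
function hasConsent(cookieString) {
  const raw = parseCookies(cookieString)[CONSENT_COOKIE];
  if (!raw) return false;
  const [decision, version] = raw.split(".");
  return decision === "accept" && Number(version) === POLICY_VERSION;
}
// Set-Cookie value for the shopper's Accept or Reject click. Rejections are stored
// too, so the banner does not reappear on every page, but they never release tags.
function consentCookieValue(decision, maxAgeDays = 180) {
  if (decision !== "accept" && decision !== "reject") throw new Error("bad decision");
  return `${CONSENT_COOKIE}=${decision}.${POLICY_VERSION}; Max-Age=${maxAgeDays * 86400}` +
    "; Path=/; SameSite=Lax; Secure";
}
// Push the single event that releases every consent-gated tag in GTM at once.
// Returns whether anything was released, so the gate itself can be checked.
function releaseTags(dataLayer, cookieString) {
  if (!hasConsent(cookieString)) return false;
  dataLayer.push({ event: "consent_granted", consent_version: POLICY_VERSION });
  return true;
}
// Browser wiring; skipped when there is no DOM (e.g. when run under Node).
if (typeof document !== "undefined") {
  window.dataLayer = window.dataLayer || [];
  releaseTags(window.dataLayer, document.cookie); // returning visitor who already accepted
  document.getElementById("cookie-accept")?.addEventListener("click", () => {
    document.cookie = consentCookieValue("accept");
    releaseTags(window.dataLayer, document.cookie);
  });
}
```

In GTM, point every tracking tag's trigger at the custom event "consent_granted" and remove their "All Pages" triggers; a tag that still fires on page view bypasses the gate entirely.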
3. Opt-out ability for users
Allow your users to “unsubscribe”, either by presenting a link in My Account or in your email communications. Also, do not assume what your users want: for example, avoid pre-ticked boxes or consent buried in fine print.
4. Make your intentions clear
Collect only the necessary information from your users throughout the shopping experience. If you really need to collect specific data, be clear on what you need it for. No sneaky stuff is allowed!
5. Update Privacy Policy and T&C pages
Your Privacy Policy and Terms & Conditions pages are the best place to accurately inform your customers on how your business manages their personal data with regard to GDPR compliance. Here is a list of things you could consider communicating:
- What information is being collected?
- Who is collecting it?
- How is it being collected?
- Why is it being collected?
- How will it be used?
- Who will it be shared with?
- What will be the effect of this on the individuals concerned?
- Is the intended use likely to cause individuals to object or complain?
6. Data encryption & certification badges
Protect your users' personal data and tell them you are doing so. Make sure information is encrypted (NetSuite takes care of that) and say so on your website. State that you support data protection, buyer protection and SSL encryption. Displaying a certification badge in your homepage footer or email template could be a good idea.
At SuiteWorld 2018 NetSuite presented a GDPR-related session (ppt here; you need to be logged into SuiteAnswers). Although I was not able to attend, I understand that NetSuite is responsible for making the platform GDPR compliant, and it is. For specifics on how NetSuite complies with GDPR, we recommend that you contact your Account Manager.