GDPR seems to be on the tip of everyone's tongue right now. There’s a lot of information swimming around, causing a lot of ambiguity. This GDPR overview is a concise and clear rundown of what it means.

First things first, GDPR is an acronym for General Data Protection Regulation. It’s a new set of guidelines being implemented by the European Union to make sure that the way each EU citizen’s data is being handled is clear to them. This is important because there are around 500 million internet users across Great Britain and the EU (GDPR requirements apply to GB too).

They will be put into force on the 25th May 2018 and must be followed by all companies operating in the EU - even those based outside of Europe. That means it isn’t a choice: compliance is mandatory and any breaches will result in heavy fines.

So what is it?

Well, it’s not a brand new thing. It has been in the pipeline since 2012 and the guidelines were formally agreed upon in 2016. The date of implementation, however, is nearing, and that’s why we’re being inundated with its name.

There are 99 separate articles that make up GDPR, but the condensed version is that GDPR aims to put the rights of the customer first by making the following compulsory:

Language - No more jargon or “legalese” is allowed. Language must be plain and clear - understandable even to a layperson

Clear consent - Using contact details to send updates and offers must only happen if the customer has consented using a clear opt-in setup

Breach Notification - If data handling is breached then authorities must be notified within 72 hours of noticing the breach

Right to Access - Data collectors must provide a full copy of all of the data when requested by the individual

Right to be Forgotten - All stored data on any individual must be cleared if and when asked

Privacy by Design - Only necessary information is to be collected and it is only to be accessed by people who are a necessary part of the processing

Centrally Located Data - Data will no longer be dispersed across many systems; it will all be collated in one spot for seamless security

Personal Details - There will be an increased scope of “personal data” to include political views, sexual orientation, health data AS WELL AS name, address and phone number as before

To find out more about the guidelines you can read about them on the EU’s GDPR homepage or view this handy infographic.

These guidelines mean different things for different people depending on their original data privacy settings.

Things you can no longer include:

Refer a friend campaigns - if that friend has not expressly given consent to receive mail

Notify only - Simply telling customers how you will treat their data is no longer good enough - you must get consent through e.g. a tick-box

Segment using personal data - Identifying internet users by their political or sexual preferences or even health status is disallowed

So, does this affect the way you can tailor personalised recommendations?

No. It doesn’t affect the way you use personalised recommendations within your webshop because no personal data are collected (even with the updated definition of what personal data means) to make these recommendations. Plus, as long as you make sure that you ask customers to subscribe to any email communication, it won’t affect how you send out these recommendations either.

The same goes for segmentation - if your email is already GDPR compliant, using tools such as segmentation will naturally also be compliant, again as long as they don’t use personal details (as per the new definition). Customer behaviour such as purchase history is good to use.

Make sure when you are managing these functions, internally or externally, you are GDPR compliant from 25/05/2018. A good external provider will already be updating their terms and conditions and will be making them clear to you!
