GDPR is an acronym for General Data Protection Regulation. It is a law designed by the European Union that gives customers in the EU data protection rights. This means that they have control over how their personal data is used and managed online. Under the GDPR, customers can correct, delete, and restrict access to certain information.

The GDPR was adopted in April 2016 and then took effect in May 2018. It states that customer data collection must be voluntary, with a customer’s consent, and secure. Personal data should also be available when requested. Personal data covers everything from internet activity such as social media posts and emails, medical history, financial information—basically everything that makes an individual identifiable.

Of its many purposes, the GDPR should also protect EU customers from unsolicited marketing. It has since affected how eCommerce brands and retailers engage customers.

Why GDPR Matters

GDPR came about after concerns about data privacy. While the EU already had the Data Protection Directive in 1995, it is more updated and applicable in this day and age. It gives European customers the right to understand why and how their personal data is gathered and used.

Under it, organizations should practice responsible data collection with consumer protection in mind. These organizations are not limited to those headquartered in member nations of the EU. Any entity that sells and markets in the EU should comply with the GDPR regardless of its location.

Failure to comply can result in hefty fines, which is either 20 million euros or 4% of the organization’s worldwide turnover of the preceding fiscal year, whichever is higher.

What It Means for Ecommerce

Online brands and retailers can collect and store personal information. The data includes names, addresses, payment details, IP addresses, and other sensitive information that can lead to the identification of an individual. All these falls under the GDPR definition for personal data. As such, eCommerce sites should abide by the GDPR if they have a market in the EU.

To be GDPR-compliant, companies can conduct an audit on the personal information they collect and use. The information should then be readily available to customers through their privacy policies.

Farfetch's GDPR/privacy policy.

Business Benefits of the GDPR

Abiding by the GDPR requires changes in how you conduct your business, but it also brings many advantages to your company:

  • Customer confidence. It is more than just giving customers control over the personal data that you gather. Being GDPR-compliant means having a data protection officer and regular audits that assure customers their data is safe and secure.
  • Data security. Having regular audits extends to having more robust cyber security practices. Any vulnerabilities should be reported immediately upon discovery.
  • Improved data management. Complying with it pushes many organizations to reflect on how they are managing data and implement measures to make data collection and storage more accurate and safe.

Navigate through the letters to explore the glossary terms