The General Data Protection Regulation (GDPR) took effect on the 25th of May, 2018. CartsGuru guarantees that we fully comply with all the approved and implemented regulations and changes.
Looking at the GDPR for e-commerce, there are lots of questions and concerns that merchants have. If you’re on CartsGuru, there’s no need to worry. Big laws seem scary, but CartsGuru is making sure the way you collect and store personal data is GDPR-compliant.
Essentials of GDPR for e-commerce
1. Get consent: the user must agree to be included in your marketing campaigns.
If the user has consented to the message and communication channel that you are offering, then you can continue to do as you always have. But if there was no consent, then you cannot send them marketing materials or advertise to them. If you don’t have the visitor’s explicit, unambiguous consent to receive marketing messages, then you won’t be able to send them messages. Moreover, you could also face heavy fines.
2. Provide adequate protection: you must protect the user’s personal data adequately.
If a user does consent to your storing and processing of their personal data (through personalized marketing or advertising messages, for example) you have the obligation to ensure that the data is adequately protected. Within GDPR terms, "personal data" is defined quite broadly: any data that can be used, alone or combined, to link to or point to a person.
This includes the visitor’s:
- physical address
- demographic data (age, location, etc.)
- email address
- IP address
According to the GDPR, businesses are supposed to appoint a Data Protection Officer (DPO), who is responsible for ensuring adequate security for the personal data.
It simply states that DPOs are required for companies that process large amounts of personal data, so smaller e-commerce stores should be in the clear.
However, it’s still very important that you have someone in your organization who is in charge of data protection.
3. Delete, correct, or restrict when asked: if the user requests you to delete, correct, or restrict the personal data you have, you must immediately comply.
The GDPR allows for European citizens and residents to have more complete control over how their personal data is used.
For that reason, if an EU subscriber or shopper whose personal data you have asks you to erase or change it in any way, it’s best to do it sooner rather than later.
With that, you’ll have nothing to worry about for this part of GDPR.
4. Update your privacy notice
Your privacy notice should look something like this:
“We will retain your data to send you communications about products you have added to your cart and offer discounts related to these articles. Moreover, we will retain your shopping history and use details of the products you have previously purchased to make suggestions to you for other products which we believe you will also be interested in.
In order to send you these communications, we rely on the marketing automation platform provider Carts Guru, with whom we share your personal information relating to name, surname, email, and phone number and your carts and order data.”
How CartsGuru is helping merchants be GDPR-ready
CartsGuru ensures that all e-commerce merchants using our marketing automation platform are fully covered. Here are 5 important ways in which we do this:
- Easy-to-export customer profiles
- GDPR-ready consent and re-consent
- Right to be forgotten - complete removal of user data so that the customer or subscriber is not identified IN ANY WAY. This option is available if your client insists on it or if they request their account and data to be removed.
- GDPR-ready privacy and cookie policies
- GDPR-ready SMS, Email and Messenger messaging
It is very important that e-commerce merchants understand what these rules mean for their business and how they can prepare for them.