Video


Impact GDPR on e-commerce

Posted: by Jan Nawrot

Category: gdpr | marketing | cybersecurity |

The e-commerce industry is particularly sensitive to changes in regulatory regulations due to the specificity of its marketing strategies. General Data Protection Regulation (GDPR) will make e-business once again measure their compliance with legislation.



E-commerce - Marketing consent



The EU guidelines, which enter into force in May 2018, introduce a number of significant changes for businesses. GDPR for e-commerce has a huge impact on marketing actions. Regulation greatly expands and adds new rights to citizens. Therefore, traditional e-mail marketing, which is the basis of many marketing strategies in e-commerce must be even more cautious. You can find more about GDPR and marketing in this article.

To ask for consent in accordance with the new guidelines, they must be:

  • separated - consent and regulations must occur separately,
  • voluntary and informed (opt-in) - consent check boxes shouldn’t be automatically marked,
  • granular - different marketing activities require separate approvals,
  • named - every third page must be listed.

In addition to the need for explicit consent, clients are also protected by the right to be forgotten. This means that if they do, they can delete their data or account as easily as they did, and it is your responsibility to permanently and completely remove information about that person from the system.

More rights for users

GDPR for e-commerce it is not only the need to express a number of consents and the right to be forgotten. From May 2018, e-clients will also have the right to transfer their data, not only personal but also those resulting from the use of the service, extended right to information (eg information on data processing time) or the right to refrain from profiling. Entrepreneurs will also concern the principle of data minimization, ie not collecting more and more data than is needed. For e-commerce, especially those using advanced IT systems, this implies the need to implement changes at the legal level (process definition) and technology (appropriate security at every stage of the process).

More painful consequences

Many GDPR for e-commerce issues will be governed by yet another document - the e-privacy regulation, which is to clarify the GDPR guidelines.The regulation will primarily regulate issues related to unwanted marketing, cookies, e-mail and tele-marketing, confidentiality and use of metadata.

From the point of view of new EU regulations, the customer and his right to control his data are paramount. As a result, more restrictions will be imposed on entrepreneurs and the potential consequences of non-compliance will be much greater after May 2018. Widespread fear now raises the possibility of possible penalties of 20 million euros or 4% of global annual turnover.

Lemlock ebook. Expert Guidebook: Three vievs on cybersecurity
Udostępnij
Read more:
Step-by-step preparation for GDPR - checklist
GDPR

Step-by-step preparation for GDPR - checklist
An overview of the Regulation and its most frequently discussed issues
GDPR

An overview of the Regulation and its most frequently discussed issues
How was GDPR introduced? Facts.
GDPR

How was GDPR introduced? Facts.
Are you interested in a comprehensive solution
for your data security?
Consent to  data processing for contact purposes
I confirm that I have read the  information clause of Sagiton Sp. z o.o.

I hereby give consent to the processing of my personal data by the Personal Data Controller (hereinafter: "PDC") – Sagiton Sp. z o.o. ul. Fabryczna 19, 53-609 Wrocław, within the scope of: full name, e-mail address or telephone number, for the purpose of sale of products and services of Sagiton Sp. z o.o. and for the purpose of sending me feedback and making contact with me by Sagiton Sp. z o.o.

At the same time, I acknowledge that: at any time I can request the removal of my personal data from the PDC Sagiton Sp. z o.o. database, by sending an e-mail to [email protected], or a letter to Sagiton Sp. z o.o., ul. Fabryczna 19, 53-609 Wrocław, with a statement containing the relevant request, which shall result in the deletion of my personal data from the PDC Sagiton Sp. z o.o. database; I have the right to access my data; providing my data is voluntary, however refusal to provide it is tantamount to not receiving information regarding sale of products and services of Sagiton Sp. z o.o., as well as not receiving feedback and making contact with me by Sagiton Sp. z o.o.

In accordance with Art. 13 section 1 of the General Data Protection Regulation of 27 April 2016, (GDPR), we would like to inform you that the controller of your personal data is Sagiton Sp. z o.o. with its registered office at ul. Fabryczna 19, 53-609 Wrocław, e-mail: [email protected].

Your personal data shall be processed within the scope of: full name, e-mail address and/or telephone number in order to answer your question/request for contact and send feedback – pursuant to Art. 6 section 1 (a) of the GDPR, i.e. consent to the processing of personal data.

The data controller would like to inform you that your personal data shall not be disclosed to third parties.

Your data shall not be transferred outside of the European Economic Area or to international organizations.

Your personal data shall be processed until you withdraw your consent to the processing of data, as well as if the purpose for processing this data shall no longer be applicable.

You have the right to access your personal data, rectify it, delete it, restrict its processing, the right to transfer it, as well as the right to object.

In the case of giving your consent, you have the right to withdraw it at any time. Exercising the right to withdraw the consent does not affect the processing carried out before the consent was withdrawn.

You have the right to lodge a complaint with the supervisory body, i.e. the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw.

Providing your personal data is a prerequisite for making contact with you by Sagiton Sp. z o.o. with its registered office at ul. Fabryczna 19, 53-609 Wrocław. In the case of not providing your personal data, Sagiton Sp. z o.o., shall not be able to contact you.

The Data Controller, Sagiton Sp. z o.o., would like to inform you that they shall not use your personal data for automated decision-making, which is based solely on automated processing, including profiling, and has legal effects for you or affects you significantly in a similar way.

Let's stay in contact