About the GDPR
What is the GDPR?
The GDPR, or as its fully known, the General Data Protection Regulation, is a new regulation that was approved by the EU Parliament on April 14th, 2016. The GDPR will be in full effect as of May 25th, 2018. If you're non-compliant after this date you may face heavy fines. The GDPR will be enforced by the Information Commissioner's Office (ICO).
The GDPR will actually replace the Data Protection Directive 95/46/EC. It is designed to harmonize data privacy laws across all of Europe, to protect and empower all of the citizens of the EU's data privacy, and to help reshape the way that companies approach and handle data privacy.
If you are complying properly with the current Data Protection Act (DPA) than most of your approach to compliance will remain valid under the GDPR and can be the starting point to build off of. There are new elements and enhancements, and due to this, you'll have to do some things for the first time, and even do some things differently.
If you're not based in Europe, but you do business there or gather any personally identifiable information (PII) from EU citizens via your website, then you'll be subjected to GDPR regulations.
To learn more read this.
What is 'Personal Data'?
Personal data is any information relating to a data subject. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as:
- Identification number
- Location data
- Online identifier (such as IP address or cookie ID)
A breach of the GDPR can result in a fine of up to 4% of annual global turnover, or rather 20 million Euros (whichever is greater). This is the maximum fine that can be imposed as a result of the most serious breaches (not having customer consent to process data or violating the core of the Privacy by Design concepts). These rules apply to both controllers and processors.
Consent must be given in an intelligible and easily accessible form, with the purpose of data processing attached to that consent. You must use clear and plain language so that everyone can easily understand it. It must be equally as easy to give as it is to withdraw consent.
Read more about the key changes here.
How does this effect my eCommerce business?
Is Fera GDPR Compliant?
. When Shopify (or you through Shopify) deletes any customer data we delete that customer data as well. In addition, if you request to delete data we can do that as well. When you delete the app we delete all connected data permanently.
What to do?
Entrepreneur has a great guide with 6 steps you can do right now so that you can prepare for the new regulation. Check it out here.
Check out the ICO's 'Preparing for the General Data Protection Regulation-12 Steps to Take Now'.
How does the GDPR affect Shopify? Find out here.
How does the GDPR affect you? Find out here