What all ecommerce store owners should know about GDPR

There’s no doubt that life as an e-commerce shop owner is very busy, especially if you’re not sticking to selling in just one country. In fact, if you decide to enter multiple markets, things can get complicated. You need to be informed about how they do business and, most importantly, how to comply with their laws.

Speaking of laws, the European Union is expected to introduce a new regulation this year, called the General Data Protection Regulation. Or GDPR, for short. And it’s far too important to ignore!

Today we’re going to talk about this new regulation, starting with correctly understanding what it is, how it can affect you, and how you can use it to your advantage. Without further ado, let’s begin.

What is GDPR?

The General Data Protection Regulation is a privacy law issued by the European Union. Even though it’s not yet in effect, it’s already considered the most comprehensive data privacy law in the world, with an impact on the way companies collect and handle their customers’ personal data.

Even if your shop is not based in the EU, you should be aware of these changes, as GDPR will impact any company that has customers in Europe. Besides this, it also applies to some of your favorite tools, like Google, Facebook, or even MailChimp or Spotify, which are very popular among e-commerce businesses.

What should I do, as an ecommerce store owner, in order to comply with GDPR?

The entire General Data Protection Regulation act has a total of 88 pages, so we bet that nobody wants to go through the whole thing to find out what an e-commerce store owner should do to make sure that the store complies with the new regulation.

Below, we’ll try to summarize the entire document, covering the most important aspects you should be aware of.

Always ask for the buyer’s consent

As mentioned in the regulation, “silence, pre-ticked boxes or inactivity should not constitute consent.” This means that you should avoid misleading your buyers into providing information they otherwise wouldn’t.

The most obvious example is the email field: a visitor enters their address in order to receive a PDF, for example, and you automatically subscribe them to your newsletter.

Stick to collecting just necessary data

The core principle of GDPR is protecting people’s data. Considering this, you should stick to gathering just the information you need, the information that provides business value.

More than once, we have seen pages that ask for a potential shopper’s phone number or other – ridiculous, at first glance – information, just for the sake of asking for it.

The idea is simple: collect only the data that helps you offer a better shopping experience and promote your products or services.

Be transparent

Another aspect which the new GDPR considers very important is transparency. Or, if you prefer, providing easy access to all the options you’re offering, like easy access to the terms and conditions or privacy policy, or an unsubscribe button alongside the one used for subscribing to your newsletter.

Continue selling your products or services in Europe

With the release of the General Data Protection Regulation, the European Union is just trying to create what they call a more robust digital economy. They do understand that collecting data is vital for this niche and they’re not trying to shut down any online store.

What are the benefits of GDPR for ecommerce sellers?

Let’s call this a big opportunity! Basically, if you comply with GDPR, your customers from Europe will actually like you more.

Currently, data privacy is a pretty big deal, especially in Europe, as companies from several sectors are doing their best to protect data and present this as a major selling point. Therefore, customers will feel comfortable about GDPR compliance issues before deciding to purchase something or even engaging with a brand.

Also, this can help you stand out a bit from your competitors if they haven’t adopted GDPR yet. Just make sure that compliance is part of your Terms and Conditions and let everybody know about this in a subtle way, like inserting a line about it in your emails.

But what about the tools I’m using?

After making sure that you’re GDPR compliant, a big question pops up: are the tools I’m using GDPR compliant as well?

Specifically, we’re talking about all the solutions ecommerce sellers use to optimize their marketing efforts, like Analytics, AdWords, Facebook and so on. Why should these be a problem? Well, because they’re based outside Europe. But since there are major companies behind them, it’s more than obvious that they have been aware of the importance of GDPR for a while.

Google has given assurances that it will be completely GDPR compliant by May 2018, while Facebook knows that this is a very important requirement and is expected to support efforts surrounding compliance in 2018. As for platforms like Shopify or MailChimp, they have already started investing in being GDPR compliant.


Obviously, this is a topic about which we could talk a lot, but our short guide covers all the essentials ecommerce business owners should be aware of.

Keeping it short, the General Data Protection Regulation affects businesses that interact or might interact with Europeans, no matter their location. In order to make sure that your shop is compliant, you need to have clear terms and conditions, remove pre-ticked boxes and, generally speaking, respect the privacy of anybody who visits your website.
