The General Data Protection Regulation (GDPR), the European Union’s crackdown on data protection and privacy, went into effect on May 25. However, those who think this will only impact businesses across the pond are sadly mistaken. Any entity that collects information about people, or provides goods and services, within the EU’s 28 member countries must be compliant with GDPR. This means that many American-based ecommerce websites will have to become GDPR compliant or face the pricey consequences.

GDPR defines what types of data may be collected, what it can be used for, how much of it may be collected and how long it can be stored. It also requires websites to ask for consent when information is going to be stored, and to provide certain information to users whose data is being stored, according to Forbes. One big part of the GDPR is that companies must tell their data protection authority about a potential breach within 72 hours of first becoming aware of it, and they must notify customers as soon as possible, according to CNBC. Another part is that individuals will be able to ask data processors to erase their data, which could potentially stop third-party groups from accessing it. This gives individuals more power over their personal data.

As stated earlier, any entity that collects information about people in the EU, or provides goods and services to people within the EU, must comply. This does not simply mean you must comply only if you have a version of your website for countries in the EU. If you market to a global audience, your company is expected to comply with GDPR. This also applies to nonprofits and charities.

However, the only data for which you need to be GDPR compliant is data coming from the EU, according to Business Day.

Compliance with GDPR will be monitored, and companies that do not comply could face fines of up to $24 million or 4 percent of annual global turnover, whichever is higher, according to Recode. This means it is vital that companies know whether they need to become GDPR compliant and how to do so.

Several news websites owned by the Tronc and Lee Enterprises publishing groups became unavailable to consumers in the EU after GDPR went into effect. These publications include the LA Times, Baltimore Sun and Orlando Sentinel. The websites said their content would be unavailable in these areas while they “continue to identify technical compliance solutions that will provide all readers with our award-winning journalism,” according to BBC. If your company needs some time to make these changes, following Tronc and Lee’s example may be the best way to avoid facing fines.

Taking steps to ensure your ecommerce website is GDPR compliant will help you continue to appeal to a global market and avoid lofty fines. Taking the time to review and update your privacy policy, email subscriptions and contact forms is an important step. Also, the website must clearly state if cookies will be used and ask for consent before a user clicks on a link that utilizes them, according to Forbes. These are just a few of the things you should be doing. However, the most important step is to communicate with your employees about these new policies and the changes that will follow from them. Making sure that everyone is on the same page about how best to safeguard your customers’ personal information will be key to ensuring a smooth transition to GDPR-compliant features on your EU-targeted ecommerce websites.

If you need help ensuring your web applications are GDPR compliant, mediaspa can assist with an audit by one of our security consultants.