Although we’ve known about the GDPR for just over two years now (it was adopted in April 2016), many businesses are in full-blown panic mode, as May 25th is fast approaching. The fines that can be applied if companies get it wrong are phenomenal – we’re talking up to €20 million, or 4% of your company’s global turnover, whichever is higher. The Information Commissioner’s Office can also award compensation for damages where it is deemed appropriate, so the financial damage to companies for non-compliance is clear to see – and that’s the main reason for GDPR panic.
However, here at EBG, we don’t have the GDPR panic. We’ve been taking steps to ensure we comply with the GDPR, so here’s a quick run-down of what we’re doing here at EBG to ensure our compliance.
- We’ve updated our Terms & Conditions and our Privacy Policy to reflect what we do with personal data we hold
- We’re conducting an audit of the personal data we currently hold so we can make it clear to you what we hold and why
- We’re reaching out to the people we’re holding data about, so that they are aware. We are also getting explicit confirmation that you do or do not want to hear from us about our services, apps and events, as required by the GDPR. This is important to us as it means we can reconfirm what we’re talking to you about – subjects that are important to you and your business
- We’re offering advice to our customers about basic steps to start getting themselves in line with the GDPR – Not everyone is doing so, and some are confused, or not getting great advice, and we want to make sure our customers have the opportunity to stay ahead of the game
- We’ve updated our invoicing so we’re being completely explicit about what information we will keep and use, including the fact that we need to keep data about financial transactions for seven financial years minimum
- We’re assisting our Magento customers to comply with the GDPR by applying recommended updates to their websites and providing advice on what else they need to do themselves
- We’ll be contacting customers of our other services to let them know if there are changes required, and what we will be doing to help them with compliance
We blogged about the GDPR with recommendations back in February, so we won’t go over the same information again here, but generally, if you’ve been complying with the Data Protection Act and can prove you’re acting responsibly and protecting people’s personal data, you won’t need to make too many changes to comply with the GDPR. (If you aren’t complying with the Data Protection Act, you’re already breaking the law!) However, with those fines, it really is better to be safe than sorry.
We’re sure you’re aware, but just in case, here’s a reminder – the GDPR applies to everyone. Even if you don’t actively trade in the EU, don’t think the GDPR doesn’t apply to you – if there’s a chance that you might sell to a citizen of the EU, or you hold personal data for EU citizens, you must show compliance with the GDPR, or penalties can be applied if you are shown to be breaking the regulations.
Remember, the GDPR isn’t there to punish you – it’s about good practice and remembering that people’s personal data is important, and so is the trust they offer you as a seller. As a general rule, most people are broadly in line with good practice, but may want to tweak procedures and update security software and processes a little – it is about keeping your eye on the ball, and thinking about how you would want to be treated by your business, particularly after some of the more lurid news stories about personal data breaches and fraud in the last year or two. Even if you’re not fully compliant, being able to show you’re well on the road will keep the wolves from the door, so starting late isn’t as awful as you may think.
If you’re a seller with the GDPR panic, talk to us. There’s plenty of information out there, but if you’re baffled still, give us a call – we can help allay your worries and advise you of steps you can take to ensure your compliance with the GDPR, or legal professionals that can offer detailed advice specific to your concerns.
Lastly, it’s important that we state that we’re not GDPR professionals. We are experts in supporting eCommerce sellers, and we’re working from the wealth of information that is freely available about the GDPR in order to ensure our compliance and support our clients. We understand the GDPR pretty well, and we’re happy to help you, but let’s just repeat: we’re not GDPR professionals and we can’t give you legal advice. If you have a legal question about the GDPR that is specific to your business, we recommend talking to a legal professional who specialises in the GDPR legislation.