What is the GDPR and what it means for your online business
Apr 25, 2018 - DATA PROTECTION
Igor Diez
First of all, we’d like to clarify that this post does not constitute any type of legal advice and in order for any of you to be 100% GDPR compliant we suggest that you ask a lawyer for advice.
The GDPR (General Data Protection Regulation) is a data privacy law in the EU that protects EU individuals’ personal data and will come into effect on 25th May 2018. It will affect any business that manages EU users’ data or that operates in the EU.
Why do we believe it might be important for you? We know many of our sellers are not located in the EU but you should still pay attention if you ever run your advertising campaigns in any EU countries.

What are the objectives of the GDPR?

The main objective of the GDPR is to give consumers more protection and power when it comes to their personal data being managed & shared by companies.
GDPR mainly covers 3 principles for data subjects:
  • Right of Access
  • Right to Data Transfer
  • Right to be Forgotten
Under GDPR companies must make sure that they take all necessary protective measures to be 100% compliant when handling consumers’ personal data and:
  • Designate a Data Protection Officer (DPO).
  • Notify of any data breaches within 72 hours.
  • Obtain explicit consent from data subjects before starting to collect their personal data.
  • Ensure all information collected is required for the service to function successfully.
The potential fines for any companies breaking the rules will be up to €20m or 4% of their global revenue, whichever is greater.

What does GDPR mean for your online business?

Even if you are not based in the EU or operating from the EU, you will still have to comply with the GDPR if you run your advertising campaigns in any European countries and start gathering data about these EU users, because you’ll be responsible for keeping this data as safe as possible.

What about if you don’t have any EU customers?

Even if you don’t have any EU customers and have never run any advertising campaigns in the EU we would suggest that you familiarize yourself with the GDPR just in case your advertising plans change in the future and you decide to explore new opportunities within the EU. After all, the management & protection of data is something that should affect us all as marketers or consumers.

Checklist for ensuring you are 100% GDPR compliant:

  • Personal Data Collection:

Whether you’re collecting personal data from users in the EU or you deal with 3rd party companies which process EU customers’ data on your behalf you should make sure all these processes are in accordance with the GDPR.

  • Privacy Notice:

Any sellers running their advertising campaigns in any EU countries will have to make sure to amend their privacy notices to reflect their adaptation to the GDPR.

  • Data Protection Officer:

In order to be fully compliant, anyone collecting personal data from consumers in the EU will have to designate a Data Protection Officer within their company.

  • Free User Consent:

Anyone collecting personal data from customers in the EU will have to gain their consent freely, so you may need to change the way in which consent is collected, as it cannot be “forced” or “defaulted”. On this note, you may also need to specify how consent is obtained and also the main purpose. If using several communication channels (e.g. email, direct marketing), you will have to gain consent for each separately.

  • Subject Data & Erasure Requests:

Under the GDPR users will be able to request a copy of their personal data so you should make sure to have all this information safely recorded & accessible. On this note, users can also ask for their information to be deleted permanently.

  • Data Breaches:

Under the GDPR it is mandatory for all businesses affected to notify of any data breaches within 72 hours of the breach taking place. Therefore, if you’re affected by the GDPR you should make sure to have this process in place.

  • 3rd Party Companies:

As we have mentioned before, any sellers affected by the GDPR should not only review their internal contracts (privacy policy, T&C’s, etc) but they should also review any contracts signed with other external companies that might collect & use EU customers’ data on their behalf to ensure everyone’s fully compliant with GDPR.

How is Moteefe preparing for the GDPR?

  • We already designated a Data Protection Officer in our team at Moteefe’s HQ.
  • We have updated both our Privacy Policy and Terms and Conditions to reflect Moteefe’s adaptation to the upcoming GDPR.
  • All our team members have been trained accordingly to become GDPR compliant.
  • New security measures have been implemented.
Finally, if you ever have any questions regarding Moteefe’s adaptation to GDPR feel free to contact a member of our Seller Support team and they will clarify any possible doubts.