How to prepare your e-shop for GDPR - 5 questions and answers

Do not underestimate the situation, but at the same time do not be unnecessarily afraid. This is the advice that legal experts give to e-shop operators in a nutshell. For example, they will have until 25 May to amend their terms and conditions or inform customers about the personal data they collect.

12. April 2018

If you run an e-shop, you are most likely already preparing for the entry into force of the General Data Protection Regulation. The GDPR will affect online shops almost in its entirety. The following five questions and answers summarise what is relevant to e-shops, what not to underestimate and where operators can be at ease.

1. Do I need to have a data protection officer (DPO)?
One of the biggest bogeymen of many institutions, fortunately, affects only a very small percentage of online stores. In particular, hospitals, banks and other institutions working with specific and sensitive data or those processing personal data in huge quantities must have a DPO.

2. Do I need to modify the terms and conditions?
. Every e-shop will have to make considerable interventions in this area. They will need to delete the sections on personal data from the terms and conditions and prepare documents to replace this area.

3. Do I need to inform my customers and clients in any way?
From May, every customer must be informed unconditionally that an e-shop collects data about them and of the rights and obligations that arise from this.

If you run an e-shop, you will need to be clear by then about what data you are collecting, for what purpose and for how long. First of all, you will need to consider whether you are entitled to this data and its collection.

4. What should I do with my email database?
If you are using regular emails as a marketing support tool, you will also need to prepare your email contact database for the GDPR coming into force. We've advised you on how to align your contact list with the GDPR in this article

5. How should I prepare my website?
How you have your website programmed is only peripherally affected by GDPR, yet even in this respect lawyers advise not to underestimate the situation. Particularly because of the tools that Google and Seznam search engines continually include in their algorithms, it pays to pay special attention to web security

In any case, address GDPR preparation within processes, IT and security comprehensively

Lawyers agree, then, that there is no one-size-fits-all recipe for preparing e-commerce sites for the GDPR coming into force. We have been dealing with General Data Protection Regulation issues for a long time, so if you want to prepare your e-shop, don't hesitate to ask us for help.