What can GDPR do for e-shops? - Part 1
Are you the owner of an e-shop and since the GDPR came into force, have you been wrinkling your forehead because of the unanswered questions that have arisen for you in this context? Let's answer some of the burning questions together.
_w1693q90.webp "What can GDPR do for e-shops? - Part 1")
What about email addresses obtained for the purpose of the competition?
You may find that various competitions are great for marketing, but one of the conditions of entry is that you must provide an email address. The competition has already taken place, you have announced the winner, but now you are not sure how to proceed so as not to breach the legislation? It's simple. E-mail addresses that you have collected for the purpose of a particular competition must not be used in any other situation. To use a customer's email, consent would have to be given separately and explicitly (for example, by ticking a box) for each purpose separately.
E-mail in exchange for e-book. Is that okay?Another situation that can quite easily arise is where you offer an e-book to a customer and the condition for downloading is again that they provide an email address. It would seem that both parties would be happy, but it's not always that simple and straightforward. Although you now have a database of emails, it certainly doesn't mean that you can automatically send further commercial communications to the customer in the form of a newsletter or other offers. Again, you need to get the customer's consent for all of these activities.
Databases from earlier years - do you need to ask for consent again?If you have an email database from a previous era and it is your current customers, you do not need to ask for consent again to send marketing messages, as you have what is called a legitimate interest under the GDPR regulations to send them. However, remember that you must always allow customers to opt out of receiving these messages. If consent has been given in the past for another purpose, you must ensure that it meets the criteria for consent under Article 7 of the GDPR, i.e. it must be specific, informed, given unconditionally and unambiguously. This means that consent must not, for example, be part of the terms and conditions. If this is not met, then consent must be obtained again in a way that complies with the GDPR.
Do you want to make sure you are handling your data correctly and following everything you need to be GDPR compliant? Our team is here for you!