Smart Globalization: Privacy Concerns and GDPR
The following is an excerpt taken from Smart Globalization: 5 Considerations for European eCommerce Expansion. To download the Solution Guide in its entirety, click here.
Customer data protection is a concern for merchants everywhere, and this is doubly so for merchants transacting in the EU. The European General Data Protection Regulation (GDPR) privacy legislation went into effect on May 25th, 2018, and is having global ramifications. Merchants around the world who store or process the personal data of EU residents must comply or face stiff penalties.
The GDPR is a comprehensive European privacy law that streamlines data protection requirements across the EU and addresses the export of personal data outside the EU. The statute gives consumers more control over their personal data while simplifying the regulatory environment for international businesses operating within the EU.
Even if American merchants don’t currently sell in the EU, they still need to be GDPR compliant. The regulation is designed to safeguard EU individuals and their data regardless of a business’s location. So, if an American retailer handles the data of even one EU-based shopper, they need to be compliant.
At the heart of GDPR is its broad concept of “personal data.” According to the EU GDPR Portal, personal data is, “any information related to a natural person or ‘Data Subject,’ that can be used to directly or indirectly identify the person.” This can be anything from a name, a photo, an email address, bank details, social media posts, or even an IP address. Companies cannot use or store this data without an individual’s consent, and even then, can only store the data for a short amount of time.
Consent and the “Right to Be Forgotten”
Consent is the next pillar of privacy in the EU. Without expressed consumer consent, companies cannot use or store data. Even then, companies must request consent in an “intelligible and easily accessible form, using clear and plain language.” Furthermore, this data and consent needs to be “auditable,” meaning that merchants need to do more than just acquire clear consent, they have to keep a record of that consent and provide a clear path to revoke it. This introduces significant new data management requirements.
This extends beyond eCommerce as well – the law applies to all personal data in all locations. Paired with the broad definition of “personal data,” this means that everything from addresses to product reviews falls under the “right to be forgotten.”
Lastly, individuals have a right to request a copy of all the data that a data controller – an entity that determines the purposes, conditions, and means of processing personal data – has on them. Controllers are mandated to provide the data in a “commonly used machine-readable format,” forcing merchants to also ensure they have the means to package and send requested data.
Beyond compliance issues, these new data subject rights, partnered with stiff penalties, create a ripe environment for fraud. Verifying the identity of requesters presents a huge challenge: denying a valid request and approving an invalid request will both result in fines.
Understanding these privacy regulations and ensuring that you are prepared to comply with them is paramount to successful European expansion. Failure to comply carries a painful punishment – up to 4% of annual global turnover or €20 million – and coupled with the inevitable loss of customer trust, can torpedo growth plans extremely quickly.
Bringing It All Together
Successful European expansion isn’t just about addressing these five considerations. While they are important, every decision needs to be viewed through the lens of your long-term goals and enabled by your existing technology ecosystem.
Oftentimes, it is extremely valuable to partner with a global commerce solutions provider to ensure that expansion into European markets is not just a smart strategy, but a viable one as well. Having a partner that can provide objective feedback rooted in industry expertise will enable you to expand quickly, intelligently, and profitably.
Europe is a lucrative market for North American merchants. Ensuring your strategy accounts for the considerations in this paper is the first step towards successfully penetrating new markets abroad.