If you are a Shopify seller and you have any intention of entering the EU market, you had better get used to the term GDPR (or General Data Protection Regulation).
First appearing in 2018, the European Union's GDPR has brought drastic change for online businesses. Thanks to this approach to personal data protection, EU citizens have more control over their personal data.
GDPR has changed the definition of personal data. According to the new regulation, personal data consists of all information used to directly or indirectly identify a person, including:
GDPR concerns the following three areas:
Where you base your business does not matter. What matters is that the personal data you collect belongs to EU citizens and residents.
Businesses going against GDPR will face fines of up to €10 million or up to 2% of the annual worldwide turnover for the previous year.
However, instead of being a threat, GDPR is a wonderful chance to grow your business. Should you strictly comply with GDPR, EU customers will surely favor and appreciate your business more than others. This is the time for you to boost your company image!
Note: We still encourage you to seek advice from a legal professional. The steps mentioned below are just really, really basic steps for your Shopify store.
After collecting user emails from different places, you should ask for their permission to send advertising emails.
Under GDPR, consent is valid only when the customer actively confirms it, such as by ticking an unchecked opt-in box. Pre-checked boxes that use customer inaction to assume consent ARE NOT regarded as valid under GDPR.
a) On the register/sign-up page:
Here are some suggestions for your registration page:
There is a checkbox to opt in to advertising emails on OTTO’s registration page.
Sainsbury’s request for permission is much more detailed, which can boost the customer’s confidence to opt in.
b) On the checkout page:
On the Customer Information page, under the input box for email, is a default checkbox for opting in to news and offers. Remember to keep that unchecked by default (as GDPR demands).
c) If you send additional emails:
If you send more emails than the user signed up for, you need their permission for the additional ones.
For example, OTTO has clearly pointed out some information on the footer:
d) Getting consent from your old contacts:
Besides new contacts, you also need permission from your existing contacts. We highly recommend that you send the email template to every list affected by the GDPR.
e) Respect the consent:
It might be different in your country, but in the EU, once you get consent, you are expected to respect and strictly follow what you have promised.
Three basic steps to comply with the cookie law:
In conclusion: Complex as it might seem, you are advised to prepare your store for GDPR. Should you have any questions, feel free to leave them in the comment section and we will reply as soon as possible!