Top 2024 resources on gdpr
Best gdpr resource in 2024.
Learn more about gdpr to improve your e-commerce strategy.
-
17 Resources for GDPR Compliance
-
The General Data Protection Regulation is now in effect. For website owners worldwide, compliance with GDPR seems daunting. Luckily, there are plenty of resources to help.
Here is a list of ...
Topics: resources, services, website, compliance, data, information, rights, protection, gdpr, user. -
2021 Update on GDPR and Its Impact on Brands and Consumers
-
Editor's Note: This post was originally published April 4th, 2018 and has been updated to reflect the current state of GDPR and other data privacy regulations impacting eCommerce in 2021.
Almost every online activity generates data that can be collected, stored, and shared. Shopping online, interacting with social media, installing mobile apps – all these actions leave a trail of data used to identify people.
That information has value on the dark web, making cybercrime a big business. Storing and securing data was largely unregulated until 2018 when GDPR took effect. Since then, 12 countries and a growing number of US states have jumped on board with their own version of GDPR as either new law or addendum to previous laws.
These “rules” provide a legal line that companies transacting with customers online can use to operate, but is just meeting those government-mandated requirements enough? Even though companies are doing more to protect data, a recent STATISTS study shows an exponential increase in data breaches since 2005. The chart below highlights the rapidly growing risk of businesses being hacked and exposing their customers’ personal data, and this risk is not going away just because of government regulation.
Annual number of data breaches and exposed records in the United States from 2005 to 2020. Source: STATISTS
Companies with an eCommerce site need to stay compliant to avoid major fines, which is getting more complex in a borderless online market. They also need to be more transparent and responsive with customers when it comes to gathering, using, and protecting their personal data in order to create trust and loyalty. Without trust, it will be hard to grow your business online.
Impact of GDPR since 2018?
Under GDPR, companies have been facing potential fines of up to €20 million or 4% of global revenues, whichever is greater. While all companies are vulnerable, those with poor data-protection practices or those that incur data breaches due to their own negligence are particularly exposed. GDPR Enforcement Tracker has been tracking these fines, and through September 2021 there have been 778 fines levied totaling €1,277,329,802. Below are the top 5 as reported by the site. Recognize any of the brands?
July 16, 2021, Amazon Europe was fined €746,000,000 for non-compliance with general data processing principles
September 2, 2021, WhatsApp Ireland was fined €225,000,000 for insufficient fulfilment of information obligations
January 21, 2019, Google LLC was fined €50,000,000 for insufficient legal basis for data processing
October 1, 2020, H&M was fined €35,258,708 for insufficient legal basis for data processing
September 15, 2020, Telecom Italia was fined €27,800,000 for insufficient legal basis for data processing
GDPR is having sweeping implications around the world, and Europe isn’t the only geography bolstering data protection laws. While we could not find exact figures on how much has been invested to date, IIAP and EY reported that GDPR is costing companies an estimated $9 Billion to stay compliant.
Image Credit: Forbes
With draconian fines a real possibility, this investment looks almost economical. However, fines are only part of the potential damage done by failure to comply. Loss of consumer trust and loyalty can be even more devastating, even for companies that do not need to be GDPR compliant. According to a survey by OnePoll, “86% of 2,000 respondents stated that they were ‘not at all likely’ or ‘not very likely’ to do business with an organization that had suffered a data breach involving credit or debit card details.”
Are data and privacy investments worth it?
So why does this cost so much? Think of the GDPR as a kind of consumer bill of rights governing data use. Under it, consumers have a variety of rights:
They must be able to access their personal data, know what is being collected and used by companies, and why.
Consumers “own” their information. Data accumulated on a consumer cannot be sold to third parties.
Companies must protect an individual’s IP address or cookie data with the same rigor as a name, address, and Social Security number.
Consumers have the right to request that their data be transferred to another business.
They may demand that any personal data be erased at any time from companies and third parties.
Companies must create new systems that put privacy first – not as an afterthought. Companies will be allowed to collect, store, and process information only if it is verifiably necessary.
Mandatory data breach notifications must be sent to individuals within 72 hours, including any event that risks the rights and freedoms of individuals.
To fulfill the above obligations, companies needed to invest in centralizing and securing data from likely hundreds of systems and data sources, not to mention needing to hire highly skilled professionals to deploy, manage and be accountable for the data, systems, protocols, and communications needed to prove compliance and create buyer trust.
For context, when consulting for a Fortune 500 client back in 2010, pre-GDPR, and focusing on just marketing and sales technologies to drive a Customer360 data project, we found over 250 independent databases with over 10 million records we wanted to use for just direct communication strategies using email at the time.
Due to budgets, we focused on less than 10 data sources to get an MVP POC off the ground, and that scope alone cost over $1 Million in budget.
It's not all about compliance, it is more about trust and loyalty
Investing in better customer data and security practice is not just to avoid government fines. As the post-pandemic global economy continues to expand digitally, gaining trust online is going to be one of the most important competitive differentiators companies can invest in. Companies that prove they are trustworthy and responsive to customer concerns about their data will rise above the fray and make it easier for customers to transact online.
This trust will also have a knock-on effect, as it will limit the inquiries by anxious customers that lead to the investigations and fines being levied by governments around the world.
According to Deloitte’s 2019 US retail privacy study, when consumers trust a retailer and are satisfied with their privacy policies, consumers are more likely to be open or neutral about sharing personal data (73 percent) compared to those who are dissatisfied or unaware (57 percent). That difference in trust can have a huge impact on generating online revenue from eCommerce.
The study went on to highlight a gap in customer perception of what their data is used for and what sellers are doing with data and why they gather it. The study reported that most consumers still believe the main purpose of data gathering by retailers is to share data with third parties or sell it to outside buyers.
However, retail executives in the survey “indicated the top three uses of consumer data is for increasing efficiencies in operations, improving product selection, and enhancing in-store services or experiences.” While the sellers are focused on better buying experiences, it won’t matter if the customer thinks it is all just a trick to resell and profit from their personal information.
This means the onus is on the seller to earn buyer trust through better communications, information, and experiences that show they can be trusted.
Ask yourself, is your current eCommerce solution helping you do that?
How to stay up to date
More information about the requirements and the impact of GDPR can be found by visiting www.gdpr.eu. To learn more about Elastic Path’s trust program focused on Security, Stability and Scalability, visit our trust page at https://www.elasticpath.com/product/trust.
In the case of the GDPR, ignorance is anything but bliss.
Topics: trust, gdpr, online, brands, fined, data, companies, update, information, personal, impact, consumers, privacy, fines. -
A Practical Guide to Ethical Website Analytics – Top Solutions Reviewed
-
As technology evolves, so does the power of digital surveillance. One area in which this has become particularly prominent is web analytics. A website that isn’t using ethical website analytics will collect data on where you are, how you use…
Topics: analytics, web, website, solutions, business, practical, gdpr, free, compliant, reviewed, ethical, google, guide, data. -
Despite the GDPR, Cookies Are Vital to Ecommerce
-
Cookies are in the spotlight with the E.U.’s new General Data Protection Regulation. It follows the E.U.’s “Cookie Directive,” which has been in effect for several years.
Cookies are important for ...
Topics: ecommerce, cookie, despite, cart, vital, gdpr, web, track, data, stores, browser, cookies, visitors, server. -
Ecommerce websites in Europe hit by GDPR
-
Ever since the European Union’s General Data Protection Regulation, or GDPR, came into force 14 months ago, ecommerce websites in Europe have recorded lower page views, site visits and revenue. The General Data Protection Regulation was adopted on 14 April 2016, and became enforceable beginning 25 May 2018. It’s a…
Topics: data, hit, online, gdpr, europe, websites, visits, privacy, regulation, traffic, ecommerce. -
Europe-based merchant accesses GDPR
-
The E.U.'s new data protection law goes into effect on May 25. Many businesses here in Europe and elsewhere have ignored it. That is a mistake. Failure to comply could result in an eye-watering fine of $20 million. If your company does business or communicates with any consumer in Europe, you should comply, or at least take steps to comply
Topics: gdpr, europebased, collect, consumer, consumers, access, eu, accesses, data, merchant, delete, consent, obtain, download. -
Facebook Outlines Moves Toward GDPR Compliance
-
At 1:00 AM Eastern Standard Time on Wednesday, Facebook published an announcement outlining some of the ways it plans to advance toward the General Data Privacy Regulation (GDPR), which comes into force next month.
Topics: outlines, ads, announcement, moves, egan, doesnt, eu, facebook, statement, data, gdpr, compliance, users. -
Facebook to Roll Out 'Similar' EU Privacy Options to All Users
-
Facebook announced today that it will be sending all users a News Feed alert asking them to review their data and privacy options.
Topics: data, gdpr, theyve, users, eu, similar, options, facebook, company, information, uses, roll, alert, privacy. -
GDPR Compliance and Magento Marketplace
-
May 25th is fast approaching and with it, GDPR
Topics: compliance, extensions, privacy, policy, website, gdpr, magento, marketplace, merchants, data. -
GDPR Compliance for Ecommerce: What Store Owners Can Do
-
Ecommerce store owners are busy enough as it is. SEO, social, design. You don’t need another to-do. So we’ll apologize right away for adding one. It’s just that, well, GDPR compliance is too important to ignore. It’s been over a year since GDPR was implemented, and there are certainly lessons […]
Topics: gdpr, privacy, compliant, data, store, protection, europe, owners, compliance, google, ecommerce, youre. -
GDPR and the Right Side of History
-
Brian Halligan sent this note to all HubSpot employees this morning:
Yesterday, I got three emails from vendors asking me if it is okay that they keep sending me emails. I imagine you got a few as well. The irony is hard to miss.
Topics: right, gdpr, companies, marketing, customers, sell, grow, standard, history, hubspot. -
GDPR is here!
-
Updated Magento Commerce policies and agreements meet GDPR standards
Topics: magento, privacy, data, information, european, share, personal, shield, individual, weve, gdpr. -
GDPR: Getting Re-Permissioning of Customer Consent Right First Time
-
With just under two months before 25th May, consumers are seeing a plethora of re-permissioning emails hit their inboxes. Some work (very well), others downright fail.
In this article our General Counsel, Julian Palmer, considers what it takes to make sure your re-permissioning campaign (to send future marketing campaigns) works first time.
Topics: customers, right, consent, email, marketing, repermissioning, emails, data, privacy, customer, policy, gdpr, getting. -
How to Prepare Your Business for the GDPR Apocalypse
-
Learn how to prepare your business for the GDPR legislation in effect and ways you can comply with new legislation to avoid steep fines.
Topics: apocalypse, data, information, sensitive, personal, youre, business, company, gdpr, online, prepare, companies, users. -
Is Email Marketing Dead? No, But These Practices Are
-
99% of people check their email every day.
Topics: emails, email, gdpr, dead, metrics, readers, marketing, practices, strategy, subject, using. -
Only 34% of UK Consumers Know What the GDPR Is [New Data]
-
The other day, a friend of mine said he recently received several strange emails from every online company with which he has an account.
Topics: gdpr, internet, consumers, uk, privacy, eu, users, data, know, facebook, regulation. -
Supporting the Rise of Consumer Data Privacy Regulations: The Current and Future State of Ecommerce Security
-
Trends come and go in ecommerce. Customer expectations expand as quickly as online stores strive to meet them. However, one…
Topics: consumer, security, standards, privacy, gdpr, ecommerce, data, regulations, merchants, bigcommerce, compliance. -
The 10 Best Privacy Policy Generators
-
As you begin to create and launch your new business website, it’s easy to overlook the seemingly smaller details like the privacy policy. But this isn’t something that should slide through the cracks. Your privacy policy is a critical element in covering your tail legally, and some countries require them […]
Topics: generators, privacy, information, best, generator, data, gdpr, email, free, website, policy, youre. -
The GDPR: Its Impact on Brands and Benefits to Consumers
-
Online activities generate data that can be collected, stored, and shared. Shopping online, interacting with social media, installing mobile apps...
Topics: impact, million, protection, gdpr, data, consumers, companies, consumer, countries, european, brands, privacy, benefits, practices. -
The General Data Protection Regulation: One Year Later
-
One year ago on May 25, 2018, the General Data Protection Regulation (GDPR) went into effect and replaced the 1995 EU Data Protection Directive (DPD) with the goal of significantly enhancing the protection of the personal data of EU citizens and increasing the obligations of organizations who collect and/or process personal data.
Topics: companies, interactions, report, consumers, eu, protection, regulation, gdpr, general, data, later. -
Top GDPR Compliance Software
-
Disclaimer: This blog post is not legal advice for your company to use in complying with EU data privacy laws like the GDPR. Instead, it provides background information to help you better understand the GDPR. This legal information is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we insist that you consult an attorney if you’d like advice on your interpretation of this information or its accuracy.
Topics: consent, management, privacy, personal, apps, storage, manage, data, gdpr, compliance, software. -
UK’s ICO fines British Airways a record £183M over GDPR breach that leaked data from 500,000 users
-
The U.K.’s Information Commissioner is starting off the week with a GDPR bang: This morning, it announced that it has fined British Airways and its parent International Airlines Group (IAG) £183.39 million ($230 million) in connection with a data breach that took place last year that affected a whopping 500,000 customers browsing and booking tickets online. In an […]
Topics: uks, ico, breach, fine, techcrunch, british, iag, gdpr, airways, record, data, protection, statement, fines, theft, leaked, users. -
Unriddled: Facebook in Brussels, Launch of the GDPR, and More Tech News You Need
-
Welcome back from a long Memorial Day weekend, and an equally long week of data security-related news that applies directly to you -- and me. It's another edition of "Unriddled," our mid-week digest of the tech news you need to know.
Topics: unriddled, zuckerberg, privacy, users, launch, week, need, tech, facebook, brussels, data, ads, gdpr, read. -
What California's New Data Privacy Act Means for Marketers
-
Disclaimer: This blog post is not legal advice for your company to use in complying with U.S. data privacy laws like CCPA. Instead, it provides background information to help you better understand CCPA. This legal information is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we insist that you consult an attorney if you’d like advice on your interpretation of this information or its accuracy.
Topics: californias, consumers, law, consumer, information, ccpa, gdpr, data, california, business, means, marketers, privacy, act. -
What Does GDPR Mean for U.S. Companies?
-
The General Data Privacy Regulation or GDPR is a hot topic in our private community. It goes into effect in the U.S. on May 25th. It’s a complicated privacy law to understand and is applicable to everyone worldwide. In today’s episode, we talk about what the law covers. We cover if you should care, what [...]
Topics: kind, companies, gonna, youre, law, does, really, data, think, mean, im, know, gdpr, dont. -
What Does Good Privacy Look Like for Your Organization?
-
Disclaimer: This blog post is not legal advice for your company to use in complying with data privacy laws like GDPR. Instead, it provides background information to help you better understand data privacy best practices. This legal information is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we insist that you consult an attorney if you’d like advice on your interpretation of this information or its accuracy.
In a nutshell, you may not rely on this as legal advice, or as a recommendation of any particular legal understanding.
GDPR instilled a catalyst of real change in 2018 — resulting in a permanent change of the data privacy landscape.
Topics: does, processes, practices, good, data, organization, changes, legal, look, tools, gdpr, privacy, companies, compliance. -
What’s new in WooCommerce 3.4: GDPR features and GeoLite2 integration
-
Since our last minor release in January, we’ve been working on a variety of improvements to WooCommerce: GDPR compliance tools and settings, and GeoLite2 integration. To ensure this update is stable, we’ve been doing plenty of testing and QA on our side including a public beta period, unit and integration testing, compatibility testing with our extensions […]
Topics: read, email, geolite2, gdpr, features, release, geolocation, whats, woocommerce, update, support, settings, integration, php, version. -
WordPress Security: Important Considerations and Recommended for Ecommerce Websites
-
WordPress is the CMS (content management system) with the largest amount of installations in the world. Being the biggest means…
Topics: secure, recommended, wordpress, gdpr, password, information, website, user, ecommerce, security, access, considerations, websites, important. -
‘California Consumer Privacy Act’ Impacts Ecommerce Businesses
-
The California Consumer Privacy Act raises the bar for privacy protection in the United States. The CCPA is a significant step toward protecting consumer data, including the personal information most every ecommerce company collects.
Topics: information, privacy, data, subject, california, comply, businesses, ecommerce, personal, gdpr, impacts, ccpa, consumer, companies, act.