GDPR for e-commerce and how to be prepared!

If you are an online shop owner, you have a long to-do list. Your plate is already more than full. But there is one more thing you can’t ignore if you want to do business in Europe, with European customers: GDPR!

GDPR is Europe’s big new data protection regulation that takes effect on May 25th and will impact what it means to do e-commerce in Europe.

This post is meant to help you understand what it says, what compliance means for you, and how you can use it to your advantage.


What is GDPR?

GDPR is short for General Data Protection Regulation, and it sets the rules for how all European residents’ data must be handled.

Regardless of where you are based, the new rule applies to all companies that offer products or services to consumers in Europe. So if your e-commerce shop is available in Europe, you have to comply.

GDPR compliance isn’t simply for European companies selling products to European customers; it covers any interaction with clients in Europe.



What to do to be GDPR compliant?

Consent is the most important!

GDPR empowers Europeans to control exactly how their data is used. As a result, being compliant means you can’t assume what your users want. When obtaining consent, it needs to be “freely given, specific, informed and unambiguous,” with “clear and plain” legal language that is “clearly distinguishable from other matters”.


The right to be forgotten

Under GDPR, every individual has what’s called the “right to be forgotten”. If requested by a customer, your business will need to remove all data you hold on that specific individual, across the whole organization.


Only collect data that you need!

The heart of GDPR compliance is protecting people’s data. You can limit your exposure by not collecting data that you don’t need. If you’re not going to use the information, then don’t ask for it. And if you are going to use it, be really clear about what you’ll use it for.

To give you an example, checkout pages ask for a shopper’s phone number. Shop owners need to ask themselves, “What am I going to use this person’s phone number for?” Could be for SMS campaigns, or as a safeguard against fraudulent orders. Just make sure that you explain this stuff in the terms and conditions and privacy policy.


Make everything really clear!

Regulators in charge of GDPR compliance love transparency. You could put an “unsubscribe” link on your website next to “subscribe.” You could link directly to your terms and conditions from your footer.

Putting all of these out in the open is one of the simplest ways to protect yourself from concerns. And if you have certified or verified processes, tell the world!


Be compliant and enjoy the benefits!

GDPR isn’t just rules and headaches. It’s a huge opportunity: European customers will like you more if you are compliant.

No doubt, data privacy is a big deal in Europe. In fact, European companies from every sector use data protection and data privacy as a selling point, and store owners can do the same.

Simply put, data privacy and data protection are huge topics in Europe. Some countries require websites to give details about cookies and data protection, but these websites don’t just give details. They show it off. It’s a marketing strategy!

European consumers want to feel comfortable about GDPR compliance issues before making a purchase or engaging with a brand. That’s why websites, no matter the content, make such a big deal about GDPR-related topics such as cookies and data privacy.

You can leverage these attitudes to grow your online shop. Let people know that you are compliant. Make GDPR compliance part of your Terms and Conditions page. Put it in the footer of your emails. Every little advantage helps.

If you’re GDPR compliant and your competitor isn’t or you’re the only one who brags about it, then that might be a big selling point in the European market.


  1. Hi, as you stated
    “When obtaining consent, it needs to be “freely given, specific, informed and unambiguous,” with “clear and plain” legal language that is “clearly distinguishable from other matters”.

    that usually is done with the classic checkbox that needs to be selected by the user when submitting their email.

    What are you planning for Retargeting to be compliant with GDPR? (privacy checkbox on form, export of customer data, delete customer data, user access to their data stored, etc.)

    • Hey Michele!
      We’ve been working hard for the past 6 months to adhere to the GDPR policies. We are glad to let you know that, starting May 10th, everything will be up and running!

