In our previous article, we looked at how the new European General Data Protection Regulations will affect all types of businesses that collect, hold, and collate personal information from

emails to addresses and more. In the following, we will take a more detailed look at how some specifics of the new rules are likely to affect eCommerce businesses and websites that use such

data. Apart from the implications that the new rules will have for online and web trading businesses, there are of course, pertinent and crucial issues to be considered by developers. From

creating brand new platforms to updating or improving existing eCommerce systems, there are more than just a few potential pitfalls that owners and developers should be aware of. ‍ IS YOUR

compliance. ‍ TAKING A CLOSER LOOK Owners of eCommerce sites and developers have long been aware of the need for privacy policies and how they appertain to the use of cookies and other

invisible data collection methods. While onsite disclaimers and links to a simple privacy policies page may have been adequate in the past, they are unlikely, however, to conform to the

requirements of the new regulations. It could, therefore, be prudent to take a more in-depth look at the types of data a typical eCommerce site is likely to be dealing with. More

importantly, how they are likely to affect the owners of such sites under the new regulations. While many of those who are reading this article may already be thinking that it is obvious

what types of data they are collecting, there will most likely be “incidental” information coming through along with it. ‍ THE BURDEN OF PROOF With the new rules giving increased power to

the data subjects (your clients), there is certain to be a marked increase in the number of data privacy breach claims and requests for data information. One of the key factors that all

digital business owners need to consider is that the burden of proof in all aspects of both breaches and permissions will rest squarely with them. This should form the basis on which site

owners and developers collect, store, and use all types of personal data. By laying the right foundational structure at this level, virtually every possible issue further up the data chain

will be much easier to resolve. ‍ PERMISSION IS CRUCIAL One of the most important aspects of the new laws that are likely to affect digital marketers is the whole area of permissions. It

will no longer be sufficient for site owners to simply place a disclaimer on their pages advising clients of their options. Likewise, while privacy policies will still have their part to

play, simply advising the client in this way could potentially leave business owners open to none conformity and data privacy breach claims. ‍ ECOMMERCE, DATA, AND THE NEW REGULATIONS The

fact is that while businesses are busy focusing on their prime data functions, other data is often being collected along with it purely by default. So what kind of data do eCommerce sites

collect and how are these affected by the new regulations? In the following, we take a look at the types of data and their relationships with the European GDPR. ‍ DATABASES Whether you

operate a full blown eCommerce site that sells goods and /or services directly or a simple website that attracts subscribers, your activities already come within the remit of the new

regulations. The fact is that simply by holding your follower’s email addresses, you are collecting and holding their data. The new regulations take on board the whole spectrum of data from

simple contact details right through to more complex and “sensitive” information. Owners of such sites should carefully consider therefore how they acquire, store, and utilise such data. As

with all other types of data that come within the remit of the new laws, site owners will have to provide clear evidence that the data subjects (the clients) were made fully aware of how it

was collected and is now being handled. ‍ CREDIT CARDS AND OTHER PAYMENT METHODS The security aspect aside, payment details are possibly one of the most sensitive types of data covered by

the new regulations. The reality is that if your business processes online payments (and what eCommerce business doesn’t?), how those credit/debit card and other digital payments are stored

and handled is crucial. Even if your site uses a third party client to process payments, you should be checking up to ensure that they are also complying to the new regulations because in

the event of a data breach the buck may well stop with you. The software and website plugins that you use in relation to payments on your site will also need to conform to the rules so it

will be prudent to check and update as necessary. ‍ DELIVERY AND PAYMENT ADDRESSES Whatever type of online operation you have and irrespective of the size of your client base, if you obtain

a delivery address, you have personal data. This applies even if it is being delivered to someone other than the original purchaser. While this action may not be the prime function of either

your manual system or your digital database, you will still have collated and used the personal data appertaining to someone’s physical address. This is just one of many data types that can

slip through the net. It is understandable that a busy digital sales business would be focused on the client in respect of providing good service and also in taking proper care of their

personal data. eCommerce and web-based businesses should consider that they will be accountable for all and any data that passes through their systems whether they put it to use for their

businesses or not. Therefore, ensuring that systems and/or software are in place to catch such data should be a major consideration whether you own or develop eCommerce sites. ‍ EMAIL LISTS

Apart from the use of cookies, email marketing and list building is probably right at the top of any list of eCommerce tools. Online marketers are already familiar with the complex

double-opt-in systems that have evolved over the years and the multi-layered disclaimers that have accompanied them. Though these were originally born out of a response to the anti-spam

laws, they have already leant themselves extremely well to the existing data protection regulations. Website owners and developers should not be tempted into complacency in this data

collection area, however, because many of the systems that have been around for a long time may no longer comply. With the burden of proof in demonstrating that opt-ins were fully advised

now resting with site owners and managers, there is a need for both physical evidence and a crystal clear data trail. ‍ PURCHASE HISTORY In some ways, the new data protection regulations

will actually work in practical ways to enhance your online business practices. One such area where eCommerce site owners could benefit is in improved “data packaging”. Due to the

requirements for businesses to make data packages available, there will be a need to format or “package” data in a specific form. This is to enable data to be portable and easily available

for the client in situations where they may want to forward it to another user such as from a utility company to a bank. The upshot of this requirement is that data will need to be formatted

in line with such request and that, in turn, will make the whole business of transporting data much more streamlined. ‍ THE IMPORTANCE OF GETTING IT RIGHT eCommerce and website sales

businesses figure so strongly under the new European General Data Protection Regulations (GDPR) due to the way in which they collect and process data. The fact is that such businesses rely

heavily on software and other digital systems to promote and sell their goods and services. This not only means that they handle data in specific ways that come under the new rules, they

also, by their very nature, usually handle large quantities of such data. With online businesses and company websites operating 24/7 and virtually running on autopilot, it cannot be stressed

enough, just how important the whole data processing system is under the new rules. By getting it right from the outset, such businesses will be laying solid processes in data management

and possibly work to avoid some potentially expensive issues in the future. ‍ COMING NEXT We trust that some of the above have proved useful to our readers who own websites and eCommerce

sites. In the next article, we will be looking more specifically at the implications the new data rules will have for businesses that use list building and auto-emailing campaigns so visit

us soon to learn more. _Originally published at __www.gdprhq.io__._