The GDPR II went into effect on the 25th of May this year -- and (nearly) the whole world held its breath. The GDPR should give the user, the owner of the data (e.g. you), more control over it.
If you don't follow the GDPR, there are fines of up to 2 million Euros or 4% of the annual turnover, whichever is higher[1]. So, here is a summary of a few steps merchants should keep in mind for the GDPR:
Adjust your privacy settings
Your privacy settings should now state which data you use, when, and how. So make sure to get in touch with a legal adviser to check whether your data policy is GDPR compliant.
Cookie Settings
A visitor to your website must now be able to choose which cookies they want to accept. The only cookies exempt from this rule are those that are necessary for the website to work properly.
Signing a DPA
You need to have a DPA (Data Processing Agreement) with all of the entities that handle your customers' data.
Possibility to delete customer data
Your customer can always demand that you delete all data you have on file for him. So make sure that you are able to do so.
Possibility to export all customer data
Your customer can demand an export of all the data that was collected about him. This also includes the data you generate about him, not only the data he provided when filling out e.g. an application form.
Additional resources:
A guide about the GDPR from Stripe: some general information, plus information regarding the acceptance of online payments. Make sure to have a look at the checklist:
https://stripe.com/guides/general-data-protection-regulation
A guide from Wix, more focused on which information you have to provide on your website:
https://support.wix.com/en/article/preparing-your-wix-site-for-the-gdpr
This whole article is for entertainment purposes only. Always make sure to check with a legal adviser of your choice.
[1] https://www.gdpr.associates/what-is-gdpr/understanding-gdpr-fines/