International Retailers, The Three things you may not know about GDPR
Tuesday, May 22, 2018

Categories: Thought Leadership

International Retailers, The 3 Things You May NOT Know About GDPR

Disclaimer:  This video and blog does not constitute as legal advice. Please consult with an attorney to ensure that you are fully complaint with GDPR.

With the 25th May just around the corner the deadline for GDPR is fast approaching. At this time, most international retailers should have implemented changes to data processes and storing methods. However, with this complicated European Union data protection regulation, it is easy to overlook some critical elements.

So, check out our video regarding three GDPR implications that you may not even be thinking about. For a short summary and more resources, see below.

1. Customer Data From the Past

All data that you have collected throughout the years is subject to the GDPR going forward. So without having express permission, and being able to prove that express permission, you cannot use the data after the 25th May.

Also remember that this express permission has to be freely given, specific, informed and unambiguous. No more pre-completed boxes and be very clear on what you will be doing with their data.

2. More Than Just an Email Regulation Get Will the Real OMS Please Stand Up? Whitepaper

If a cookie can identify a person via their device, those cookies are perceived as personal data and as such falls under GDPR jurisdiction. The great thing is that not all your cookies fall under this category. However, cookies that are usually used for analytics, advertising and functional services such as surveys and chat tools probably does.

What is more, even here the GDPR needs express consent. Scrolling to accept cookies or having a notice that claims by using this website you agree to cookies is no longer enough. Your customers have to be able to accept or reject your website cookies.  Customers also need to have the option to change their mind. Even if they say yes to your website cookies today – it has to be easy for them to come back to your site tomorrow, find your cookie policy and withdraw their consent.

3. Is All Your Retail Tech Vendors There?

As the Data owner and controller – you are responsible for any third-party data processors. This is anyone that is processing or storing data on your behalf, be it your e-commerce system, CRM or Order Management System.

Make sure you double check with your third-party vendors if they are complaint, especially the vendors that is not necessarily EU-centric. Imagine, making sure that all your processes are complaint, and then still getting a fine because one of your third-party vendors isn’t. Not a situation you want to find yourself in.

Disclaimer:  This video and blog does not constitute as way legal advice. Please consult with an attorney to ensure that you are complying fully with GDPR



Carla van DeventerCarla van Deventer is Marketing Co-Ordinator at OrderDynamics. With a background in both corporate communication and events, taking on the retail technology world is her next challenge.






Pickup Notifications: Retailers, Are you Talking with your Shoppers?

Schedule a Demo

This Is How SOC 2 Can Protect Your Business