The GDPR is a sweeping EU regulation with massive fines for non-compliance that affects virtually all ecommerce businesses globally. John Di Giacomo, a leading internet lawyer, provides an essential breakdown of what the GDPR entails, why it applies to your business even if you're outside the EU, and the practical steps you must take to ensure compliance and avoid severe penalties.
Key takeaways
Regardless of where your business is located, if you offer goods or services to, or monitor the behaviour of, individuals in the EU, you are subject to the GDPR (it protects people in the EU, not only EU citizens); understand this extraterritorial reach to avoid non-compliance.
Scrutinize your data collection and processing: every use of personal data needs a documented lawful basis, and where that basis is consent (as it usually is for marketing emails and tracking) the consent must be freely given, specific, informed, unambiguous, recorded, and as easy to withdraw as it was to give.
Update your website's privacy policy and terms of service so they accurately describe what personal data you collect, why, on what lawful basis, how long you keep it, and how data subjects can exercise their rights (access, rectification, erasure, portability, objection).
Be prepared for personal-data breaches: the GDPR requires notifying the supervisory authority within 72 hours of becoming aware of a breach, and notifying affected individuals without undue delay when the breach is likely to put them at high risk, so have an incident response plan and the relevant contact details ready in advance.
Regularly review your third-party service providers (e.g., email platforms, analytics, payment and hosting services): as processors they must be bound by a written data processing agreement with you, and their non-compliance can expose your business as the controller.
Themes
data privacy & compliance
legal & regulatory
risk management
The General Data Protection Regulation (GDPR) from the European Union takes effect on May 25, 2018. The law is sweeping, with massive fines for noncompliance (up to 4 percent of worldwide annual turnover or 20 million euros, whichever is higher). It affects almost every company worldwide, large and small. It's also confusing. There is no better authority in the U.S. to explain the GDPR to ecommerce merchants than John Di Giacomo. He is founding partner of Revision Legal, a leading Michigan-based internet law firm. He is, additionally, a contributor to Practical Ecommerce.