Data Privacy and Compliance: Navigating the Maze

2021 08 31 gdpr privacy

[3-minute read]

Every sport has its potential for causing injuries. Ecommerce is no different. You can think of all the legal compliance documents you have to produce before you are allowed to trade as the ‘injury’ of ecommerce. Not all is lost. Once these documents are in place, and you keep them current as your business changes, the hard part is done and you can get on with making some serious moola. 

We’re going to break down the various compliance requirements for you in three blog posts, each dealing with a particular compliance document. At Truevo, we believe in doing everything we can to help you be successful; we’re everything for entrepreneurs. That’s why we’ve scoured the web to find useful templates and sites that share compliance-related information. Grab a cuppa, let’s have a chat…

A bird’s eye view

First, let’s quickly have a look at all the documents you’ll need before we take a deep dive into privacy compliance. We’ll also give you a brief description of each policy and why you need it.

Data and privacy 

There’s been much noise about privacy and data, especially in Europe since the General Data Protection Regulation (GDPR) came into force on 25 May 2018. Any ecommerce business selling to people in the EU has to comply with it, wherever the business itself is based. In short, it governs how the personal data of people in the EU may be collected, used, stored, transferred, and processed. More about privacy policies and the GDPR later in this article. 

If you are not selling in the EU you still have to comply with the data protection law that applies where you are and where your customers are (in the UK, the UK GDPR and the Data Protection Act 2018). Doing so helps you follow good practice, protects the rights of staff, customers and partners, gives you a clear view of what you are doing with your data, and limits the damage a breach can do.

Shipping policy

Every customer buying products online wants to know how long they’ll have to wait before they receive their products. It applies to domestic as well as international clients. They also want to know how much various delivery options will cost them and the cost of taxes and customs. Your shipping policy should cover all of the above.

Returns policy 

Speaking of injuries: one of the drawbacks of ecommerce is that customers can’t touch, feel, or taste the products before they buy them. If they’re buying their favourite shampoo they know what to expect and will seldom return it, unless it was damaged. The same can’t be said for clothing, fragrances, and food. Sometimes people also just change their minds. Whatever the reason for a return, you need to be prepared for it and state it clearly on your website. Customers need to know if they can return the product, what it will cost, if it will be replaced, or if they will be refunded. A clear returns policy will do all of that. 

Let’s take a deep dive into data and privacy 

GDPR: Trading in the EU

The aim of the GDPR is to protect the personal data of people in the EU and to apply one consistent set of data protection rules across all EU member states (and the EEA). If your business does not comply, the penalties can be stiff: fines of up to €20 million or 4% of worldwide annual turnover, whichever is higher, and the regulator can also order you to stop processing altogether. 

We’d just like to reiterate that EVERY company selling to people in the EU must comply with the GDPR, whether or not it has an office there. In the end, it’s best to comply; it will cause fewer headaches and smooth your ecommerce journey. The UK’s Information Commissioner’s Office (ICO) provides an extensive guide to the six lawful bases for processing personal data (consent is only one of them; performing the contract with the customer is the usual basis for fulfilling an order). Have a look at their guide and handy tools. 

A GDPR-compliant privacy policy can be very extensive and complicated. We’ve found some sites that provide GDPR policy templates. These templates can be downloaded, completed with your details and used on your website. Have a look at Law Donut and what they have to say about the rights of individuals, the duties of companies, and the regulations you have to abide by in your data privacy strategy. They also provide downloadable templates that can help you draw up your policies. Before you head off, we’d like to chat about a couple of hoops you have to jump through in your policies. Let’s have a look at them:

  • Identify a lawful basis for each kind of processing. Fulfilling an order normally rests on the contract with the customer; marketing emails and non-essential cookies need the customer’s freely given, specific consent, which they can withdraw at any time 
  • Protect the data with appropriate technical and organisational measures (Article 32): encryption in transit and at rest, pseudonymisation wherever you don’t need the real identity, and access limited to the staff who need it. Note that pseudonymised data is still personal data; only truly anonymised data falls outside the GDPR 
  • Only transfer personal data outside the EU/EEA where there is an adequacy decision or an approved safeguard such as standard contractual clauses, and record where your processors (payment provider, hosting, email service) keep the data 
  • Whether you must appoint a data protection officer to oversee GDPR compliance. This is only mandatory for public authorities and for organisations whose core activities involve large-scale regular monitoring of people or large-scale processing of special category data, so if you’re just starting out you almost certainly don’t have to do this
  • What the procedure is when there is a data breach: who investigates, who decides whether to notify, and how you meet the 72-hour deadline 
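As an added example (not from the original post and not Truevo’s code), here is what the pseudonymisation point in the list above looks like in practice, in Python: the customer’s email address is replaced by an HMAC-SHA256 token before the record is written to analytics or reporting tables, and the key is kept apart from the data. The key handling, the field names and the sample order are assumptions made for the example.

```python
"""Pseudonymising customer records before they leave the order system.

Added example, not from the original post: a keyed hash turns the direct
identifier (the email address) into a stable token, so analytics, fraud or
marketing tables never hold the email itself.  The key is stored elsewhere,
so a leak of the analytics table alone does not re-identify anyone.  This is
pseudonymisation (GDPR Art. 4(5)), not anonymisation: the identity record
that keeps the mapping is still personal data.
"""
import hashlib
import hmac
import secrets

# Hypothetical key handling: generate once, keep it in a secrets manager or
# HSM, never next to the pseudonymised data.  A fresh random key is generated
# here only so that the example runs stand-alone.
PSEUDONYM_KEY = secrets.token_bytes(32)

# Fields that identify a person directly and must stay out of shared tables.
DIRECT_IDENTIFIERS = {"email", "name", "address", "phone"}


def normalise_email(email: str) -> str:
    """Trim and lower-case so 'Alice@Example.com ' and 'alice@example.com'
    produce the same token."""
    return email.strip().lower()


def pseudonymise(email: str, key: bytes = PSEUDONYM_KEY) -> str:
    """HMAC-SHA256 of the normalised email under a secret key.

    A plain SHA-256 would be reversible by hashing a list of known email
    addresses and matching; the secret key defeats that dictionary attack.
    """
    digest = hmac.new(key, normalise_email(email).encode("utf-8"), hashlib.sha256)
    return digest.hexdigest()


def split_order(order: dict, key: bytes = PSEUDONYM_KEY) -> tuple[dict, dict]:
    """Split a raw order into an identity record (kept in the access-controlled
    order system) and an analytics record keyed only by the token."""
    token = pseudonymise(order["email"], key)
    identity = {"customer_id": token}
    analytics = {"customer_id": token}
    for field, value in order.items():
        if field in DIRECT_IDENTIFIERS:
            identity[field] = value
        else:
            analytics[field] = value
    return identity, analytics


def leaks_direct_identifier(record: dict) -> bool:
    """Guard to run before any record is written to a shared table."""
    return any(field in DIRECT_IDENTIFIERS for field in record)


# Constructed sample order for the example; not real customer data.
SAMPLE_ORDER = {
    "email": "Alice@Example.com ",
    "name": "Alice Example",
    "address": "1 Sample Street, Valletta",
    "sku": "SHAMPOO-500ML",
    "amount": 12.50,
    "country": "MT",
}

if __name__ == "__main__":
    identity, analytics = split_order(SAMPLE_ORDER)
    print("identity record :", identity)
    print("analytics record:", analytics)
    print("analytics leaks identifiers?", leaks_direct_identifier(analytics))
```

The token is deterministic under a given key, so repeat purchases by the same customer still link up in reporting, but rotating or destroying the key severs that link. If you ever need to honour an erasure request, deleting the identity record (or the key) is enough to leave the analytics rows unattributable.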

Just a bit more about data breaches: a personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. If one happens, you must notify your supervisory authority (the ICO in the UK) within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to the people affected; where the risk to them is high, you must also tell those people without undue delay. Keep an internal log of every breach, including the ones you decide not to report, because the regulator can ask to see it. The ICO provides more information on what constitutes a breach and what you should do about it. 

So, in essence, the GDPR sets a baseline set of standards for companies that handle the data of people in the EU: how to safeguard, process, and move that data. This is such a minefield that it makes sense to consider cyber insurance covering data breaches. The Digital Guardian shares some more information on this. 

Privacy policies in the UK 

All companies that collect any personal data through their websites need a privacy policy that anybody browsing the site can reach. ‘Personal data’ covers any information relating to an identifiable person, in their private or professional capacity. The GDPR singles out ‘special category data’ for extra protection: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, health, and sex life or sexual orientation; data about criminal convictions and offences is treated separately but just as strictly. What it basically comes down to is: if you gather any data, you have to explain what you collect, how you collect it (forms, cookies, analytics scripts), what it’s used for, how long you keep it, and who you share it with. Under the ePrivacy rules (PECR in the UK) you also have to tell visitors which cookies you set and get their consent before setting any that are not strictly necessary for the site to work. 

Before you even think about the details of your privacy policy, you need to keep in mind that it has to be easily accessible to anybody browsing your website. Some sites tuck their policy under ‘Terms and Conditions’, but the GDPR requires the information to be easy to find, so a dedicated ‘Privacy Policy’ link in your main menu or footer is the safer choice. Your policy needs to be easy to understand, use simple language and avoid complex legal terminology. If something is not obvious to you, chances are it won’t be for users either. 

If you follow the Truevo blog regularly, or look back at some of the topics we’ve covered, you’ll see that there are many instances where you can use existing documents and strategies to build on – take your business plan, marketing strategy, compliance documents and social media content for example. Thousands of businesses are in the same boat as you are. Some companies have realised this and created templates you can download and complete to suit your needs. They offer suites of templates to choose from. If you’re just starting out and can not afford a full time lawyer or marketer, the subscription fees can really be worth it in the long run. One thing is for sure, it will save you tons of time, which we know is really precious in a small business. 

Have a look at Simply-Docs. For £35 a year, you can use their templates that include website Ts and Cs, Offline Ts and Cs, Service agreements and SLAs, Privacy and Data Protection Policies, Commercial Agreements, Sale and Supply of Goods agreements, and much more. Business-in-a-Box offers the same service. You decide which one works better for you.

Did you resonate with this article? Feel free to share your thoughts and tag us on Instagram, Twitter, Facebook, and LinkedIn.

Disclaimer

It’s important to note that this blog post has been written for informational purposes only. It shouldn’t be construed as legal or tax advice on any subject matter. Don’t make or refrain from making any serious or legal decisions based on the content of this post without seeking professional advice. 

Furthermore, please be aware that Truevo is in no manner connected or affiliated with any of the entities mentioned in this article. Any reference to such is simply by way of an example and does not imply or constitute any form of endorsement by Truevo.
