GDPR is a privacy law that affects not only organizations within the EU but also those in non-EU countries that process the data of EU residents. It gives individuals control over their personal data, which means any data that can be used to identify a person directly or indirectly. Moreover, breaching GDPR can incur a fine for a business of up to 4% of its annual global turnover or €20 million. For this reason, in this article, we will explain how Ecwid GDPR works.
How does Ecwid GDPR work?
Ecwid has taken steps to ensure that it complies with GDPR. However, merchants using its services must also ensure that they are not breaching this law. Some of the initiatives the Ecwid GDPR compliance team has to take include:
- Recruiting a Data Protection Officer to handle the Ecwid Data Protection Policy.
- Training its personnel through Ecwid's GDPR-focused training.
- Working only with subprocessors who also provide adequate privacy protection.
- Implementing a detailed procedure for data processing and establishing the necessary records for it.
How to increase Ecwid GDPR compliance?
As I mentioned earlier, GDPR compliance doesn’t end with Ecwid. Its users must also take steps to ensure they don’t breach the regulation when selling from the EU or to anyone living in the EU. Some things you can do as a seller to ensure you comply with the GDPR are:
Get customer consent before collecting any data
Give customers the right to access their own data
Give customers the right to control their own data
It is necessary to provide customers with the ability to control their personal data as well. Extensive control to edit or delete their own data must be granted to them. Again, remember the third parties you work with, and ensure they provide the same control as well.
Notify customers in case of a data breach
You, as a merchant, are a data controller, and Ecwid acts as a data processor for all your customers’ data. If a data breach should occur on your website, Ecwid will notify you about it. It is also your duty as a data controller to notify your customers about it. Ecwid rules dictate that you have a maximum of 72 hours from the time you were made aware to notify your customers about the incident.