1) The document discusses the key requirements of GDPR for e-commerce companies, including obtaining consent for marketing, making it easy for customers to access or delete their data, and knowing where all customer data is stored.
2) It focuses on why consent is needed, what types of customer data must be accessible to them, where all customer data is currently kept, how to facilitate customer requests to update or delete their data, and ensuring data is deleted when no longer needed.
3) The number of systems that store customer data can make GDPR compliance more difficult, so companies need to gain control over all customer data across their various e-commerce, POS, warehouse, email, CRM and analytics systems.
2. Here is what you can build with our products
General Data Protection Regulation for e-commerce in one slide
• To use personal data you need a ‘lawful basis’
• For marketing purposes, the ‘lawful basis’ will always be consent
• Consent has to be explicit and positive (no pre-ticked checkboxes)
• If you are sharing data, you have to identify who you will share it with (not just ‘third parties’)
• You have to notify people of how you are going to use their data - even if you acquire the data from a third party
• You have to make it easy for people to withdraw consent at any time
• You have to make it easy for people to find out what data you hold on them, to change the data if it is wrong and to ask you to delete the data
• You have to get rid of data when you say you will, or when it’s no longer needed
4. WHY?
• You need a ‘lawful basis’ to process personal data
• Selling them something is a lawful basis (Contract)
• Marketing to them will always need consent
• Consent for marketing has to be:
  • Positive
  • Explicit
  • Not tied to getting a service
  • Easy to withdraw
  • Documented
5. WHAT?
• You have to know what personal data you have on an individual:
  • They can ask you to tell them at any time (Right of access)
  • They can ask you to delete it at any time (Right to erasure)
  • They can ask you to send it to someone else at any time (Right to data portability)
• You have to comply ‘without undue delay’ (one month)
• You have to do it for FREE
6. WHERE?
• Where do you currently keep personal data?
  • E-commerce system?
  • CRM?
  • CMS?
  • Email system?
  • Accounting system?
  • Logistics system?
  • Spreadsheet called ‘Customers’?
  • Post-it notes around the office?
  • All of the above?
7. HOW?
• If a customer asks you to change or delete their data, how are you going to do that?
8. WHEN?
• Even if the customer doesn’t ask you, how will you make sure you get rid of data when it’s no longer needed?
15.
• GDPR doesn’t have to be scary
• But you have to have control of your data
• You have to know:
  • Why you have it
  • What you have
  • Where it is
  • How to change it
  • When to get rid of it
• The more systems you keep customer data in, the harder it will be to manage it
16. Visit us at G-33
Office: OmniCX Digital Ltd., 2 Eastbourne Terrace, London, W2 6LG
Phone: +44 203 129 2722
Email: hello@omnicx.com
Web: www.omnicx.com