What is GDPR?
GDPR, or the General Data Protection Regulation, is the European Union’s data privacy law governing how companies collect and handle their customers’ personal data. It applies to a wide range of businesses - so if you have customers from Europe, or your business is based in Europe, this very likely affects you.
When do the regulations take effect?
GDPR officially kicked in on May 25th, 2018.
Is Big Cartel compliant with GDPR?
Yes - we’ve worked with our legal experts to ensure that Big Cartel is compliant.
Keep in mind, however, that each seller will have their own responsibilities to manage when it comes to GDPR. Big Cartel’s GDPR compliance does not automatically mean you and your store are compliant. As a data controller, you’ll be responsible for your own compliance, but Big Cartel will offer tools to help you.
For example, you can edit customer information or delete it altogether should a customer request it.
So how do I make sure my store is GDPR-compliant?
Since there’s a lot of ground to cover (and much of it is in legal jargon), the best thing you can do is consult with a lawyer who is well-versed in online business. Here are a few of the key areas you’ll likely want to address.
- If you use any apps or plugins with your shop, you’ll need to make sure they are also GDPR-compliant.
- You may also need to look into appointing a Data Protection Officer and conducting documented Data Protection Impact Assessments.
- You may need to get consent from your customers to process certain data or to communicate with your customers, or change how you obtain that consent.
- You’ll also want to ensure you can comply with the rights of customers (governed by GDPR) to access, correct, erase, and export their data. Big Cartel’s platform will help you to do this for the data we hold.