GDPR Ecommerce

What is GDPR & How Will It Affect Online Businesses

The General Data Protection Regulation (GDPR) is the legal framework in the European Union (EU) that ensures the privacy and data protection of all citizens and residents within the EU. The regulation will be valid from May 25, 2018, and applies to all companies that acquire and use personal data for business.

So, this is going to be a serious affair, isn’t it? Yes, in every sense.

The implementation of GDPR is going to have a significant impact on digital marketing and e-commerce, which means everyone in this technological world needs some insight into the topic.

Let us take a sneak peek into the details and impact of the new regulation enacted by the European Parliament regarding “protection of individuals concerning the processing of personal data and on the free movement of such data.”


Curious to know why GDPR?

This law has two primary goals:

Firstly, to set up a single data protection law across the European Union, since the EU initiated the regulation. However, individual countries can include additional rules without altering or removing any part of this regulation.

Secondly, GDPR intends to give individuals the power to use and distribute their data.

With GDPR in force, customers can enjoy personalized experiences as well as privacy.

The Basic Principles of GDPR

Now let us take a quick look at the foundations, or the rights users can enjoy under this system:

1. Right to access: Individuals have the right to access their data from the organization that holds their personal information. If requested, data controllers should provide a copy of the data, and individuals have every right to know where and how their data is used and processed.

2. Right to erasure: Upon the request of individuals, the data controller should erase their personal data and should also ensure that third parties do not use their information.

3. Data portability: Individuals can obtain their data in electronic format and can also transfer their data to any service provider they choose.

4. Data breach notification: If a data breach occurs, such as hacking, a leak or a lost USB drive, data controllers should inform users within 72 hours.

5. Privacy by design: Data privacy should be ensured from the very first stage, i.e., when designing a new project or system.

6. Data protection officers: Public companies or data processing companies should have an onsite data protection officer instead of informing local Data Protection Authorities about their activities.

Legal ways of data processing under GDPR:

You might be wondering how GDPR regulates data processing, right? Let us look into that.

There are six legal ways of data processing:

(a) Consent: The user permits the processing of their data for a particular purpose.

(b) Contract: If data processing is necessary to inform the user to take specific steps or result.

(c) Legal obligation: If the processing is required for you to abide by the law.

(d) Vital interests: If the processing is essential to protect someone’s life.

(e) Public task: If the processing is critical to executing an official function or safeguarding the public interest.

(f) Legitimate interests: If the processing is needed for legal interests or the involvement of a third party, unless there is a strong reason to safeguard personal data that overrides those legitimate interests.

Will Users Applaud GDPR?

A survey was carried out by PageFair on “How users feel about providing personal data,” and the results were:

  • 80% of users don’t like to provide data for advertising purposes
  • 21%-32% of users expect to know the details stored about them
  • 21%-39% of users will demand to erase the data

This report shows that the majority of users prefer not to share their data in order to receive advertisements.

So, with the implementation of GDPR, obtaining client consent is going to be a real challenge for users, and for that reason online marketing will have to undergo a drastic change as GDPR is implemented.

The Effect of GDPR on E-Commerce Businesses

E-commerce businesses and organizations have to abide by this data protection rule. It does not matter whether the data processing happens within or outside the EU: an organization that carries out activities directed at EU citizens and residents has to act in accordance with the rules of GDPR.

Since it is a new initiative, confusion and complications will be a part of it.

Every organization should appoint a data controller or a data protection officer who will look after everything related to GDPR. If a company doesn’t abide by GDPR rules, a fine of up to 4% of annual global revenue or 20 million Euros, whichever is greater, will be levied.

To be precise, GDPR is not merely an IT issue; it is much broader than that and includes everything related to marketing and sales.

Expected Impact of GDPR on B2B E-commerce

Is GDPR adverse for E-Commerce marketers? Why?

We can’t say that GDPR is adverse, but it is a challenge for small and large digital companies. Even Facebook and Google will be affected by this law, since all these organizations depend largely on users’ data for sales and marketing.

When GDPR becomes effective, obtaining data is going to be risky because:

1. User’s declaration or permission

With the implementation of GDPR, every e-commerce company needs the user’s declaration or permission to use their data for advertising and marketing. It is going to be a real risk for marketers, as they have to obtain individual consent to use the personal data of each user.

2. Marketers can no longer show retargeting ads

GDPR considers cookies and IP addresses to be personal data. Also, without the permission of individuals, e-commerce marketers cannot exchange Client-IDs or profiles between two parties, even if both fall under the same ad network.

To tackle this risk, e-commerce marketers will have to come up with very creative and competent technical solutions to create an online space for stores and products.


GDPR will be mandatory within a few months, and it will be better if organizations take a few steps to prepare for this new set of rules and avoid legal issues.

  • Digital marketers must raise internal awareness to ensure that the primary stakeholders and board members are aware of the new scenario.
  • It is also better to audit and document all the data the organization holds.
  • The organization should review its current privacy policy and plan for changes if required. Identifying the legal basis for processing, updating subject access procedures, and investigating and handling data breaches are also essential for the organization’s smooth growth and marketing.
  • GDPR seems to be very risky, but in a broader sense, it offers excellent opportunities as well.

Let us hope that, with the implementation of GDPR, marketers can find out who their loyal customers are and build more relevant and valued relationships with them.

