The Clearsale Blog

E-Commerce and Data Protection: New Best Practices Since GDPR

The General Data Protection Regulation (GDPR), a European Union (EU) privacy regulation that went into effect May 25, 2018, dramatically changed the way companies worldwide can collect, use, transmit and store the personal data of EU citizens.

No longer can merchants use prepopulated consent forms or single-click agreements to collect customer and e-commerce data. Instead, consumers must manually opt in to give consent and must have a clear way to access their personal data, change subscription preferences and delete their personal information at any time.

But how well has GDPR been implemented?

Although organizations had years to prepare, many waited until the last minute to update policies and gather consent from their users and customers — and even more are still unprepared. So as the flurry of email notifications about privacy settings begins to slow, it’s time to take a look at what, if anything, has really changed since May 25 and which best practices e-commerce merchants should be following to become — and stay — compliant.

What We’ve Learned From GDPR

Six months into GDPR, e-commerce merchants have learned, and changed, a lot, even as they continue to work toward compliance. Google found it needed to lengthen its privacy policy by more than 48% (other merchants likely also faced increases to their policy size). Other major organizations, like the Los Angeles Times and the New York Daily News, have restricted website access for, ignored or even temporarily abandoned their EU customers as they sort through and comply with GDPR requirements.

Merchants who have complied with the standards may have found that they’ve lost upward of 25% of their addressable market. The reasons for the loss are simple: These customers haven’t given their consent to receive emails, which may be due to either the customers withdrawing their consent or their opt-in emails landing in junk folders.

And it’s not just EU citizens withdrawing consent. An estimated 33% of U.S. customers have decided not to complete an online transaction after reading something in the privacy policy they didn’t agree or feel comfortable with.

As a result of the decline in addressable markets, some e-commerce merchants have seen their business volume decline; after all, merchants can’t gain existing customers by having them opt in — they can only lose them. Even online giant Facebook reported a decline of nearly a million monthly active users and declining ad revenue growth in Europe during the most recent quarter, which the company attributes to GDPR.

Best Practices for e-Commerce Data Compliance

To avoid losing customers and revenue, e-commerce merchants must continue to emphasize to customers that they’re valued as people, not just as data. Taking the time to explain to customers just how you will use their personal data can go a long way in improving the customer experience, retaining and building the customer base, and increasing loyalty. Here are five best practices you should be implementing in your e-commerce store to achieve these goals.

Process Customer Requests to Delete Records

Ensure you have a process in place to let clients easily request their customer records be deleted. Then make sure you follow through on each request, deleting those records across your entire e-commerce business.

Update Terms of Service

Consider including a statement on how you process EU customers’ personal data, especially if this differs from how you handle the data on non-EU customers.

Update Privacy Policies

Let customers know what rights they have under the GDPR, what data they may be asked for and how your policies have changed for processing customer data.

Modify Cookie Policies

When cookies are used to identify a shopper via their device, those cookies are considered personal data and are subject to GDPR regulations. Update cookie policies to detail what cookies you use and how you use the collected data. You’ll also need to allow customers to specifically give/revoke consent for this usage.

Use Compliant Traffic Sources

Because not all advertising platforms are currently GDPR-compliant, e-commerce merchants must be mindful of the companies they choose to help generate traffic. Many ad and affiliate networks use marketing metrics like cost per click and click-through rates, all of which rely on collecting data through cookies stored on customers’ browsers. This could be problematic given GDPR’s calls for transparency about the use of these cookies.

Protecting Your Customers

What merchants must remember is that even if they have just one EU customer, they must fully comply with GDPR regulations or face fines of up to 4% of their global revenue. And GDPR compliance isn’t a one-and-done proposition. Merchants must ensure they continue to be compliant with regulations to avoid future penalties. Although no fines have yet been imposed, that doesn’t mean merchants should be complacent. Instead, they should continue to actively work to bring their systems into compliance.

While the initial reports emerging from GDPR compliance might worry some merchants, the long-term outlook predicts GDPR will add value, including a level playing field for merchants collecting personal data, transparent privacy policies and an improved customer focus.

Another way to add value to your business is by partnering with a fraud solutions provider like ClearSale that’s trusted by companies around the world. If you’re looking to safely and securely grow your business, contact us today to learn how we can help you, too.
