The Clearsale Blog

E-Commerce and Data Protection: New Best Practices Since GDPR

The General Data Protection Regulation (GDPR), a European Union (EU) privacy regulation that went into effect May 25, 2018, dramatically changed the way companies worldwide can collect, use, transmit and store the personal data of EU citizens.

No longer can merchants use prepopulated consent forms or single-click agreements to collect customer and e-commerce data. Instead, consumers must manually opt in to give consent and must have a clear way to access their personal data, change subscription preferences and delete their personal information at any time.

But how well has GDPR been implemented?

Although organizations had years to prepare, many waited until the last minute to update policies and gather consent from their users and customers — and even more are still unprepared. So as the flurry of email notifications about privacy settings begins to slow, it’s time to take a look at what, if anything, has really changed since May 25 and which best practices e-commerce merchants should be following to become — and stay — compliant.

What We’ve Learned From GDPR

Six months into GDPR, e-commerce merchants have learned, and changed, a lot, even as they continue to work toward compliance. Google found it needed to lengthen its privacy policy by more than 48% (other merchants likely also faced increases to their policy size). Other major organizations, like the Los Angeles Times and the New York Daily News, have restricted website access for, ignored or even temporarily abandoned their EU customers as they sort through and comply with GDPR requirements.

Merchants who have complied with the standards may have found that they’ve lost upward of 25% of their addressable market. The reasons for the loss are simple: These customers haven’t given their consent to receive emails, which may be due to either the customers withdrawing their consent or their opt-in emails landing in junk folders.

And it’s not just EU citizens withdrawing consent. An estimated 33% of U.S. customers have decided not to complete an online transaction after reading something in the privacy policy they didn’t agree or feel comfortable with.

As a result of the decline in addressable markets, some e-commerce merchants have seen their business volume decline; after all, merchants can’t gain existing customers by having them opt in — they can only lose them. Even online giant Facebook reported a decline of nearly a million monthly active users and declining ad revenue growth in Europe during the most recent quarter, which the company attributes to GDPR.

Best Practices for e-Commerce Data Compliance

To avoid losing customers and revenue, e-commerce merchants must continue to emphasize to customers that they’re valued as people, not just as data. Taking the time to explain to customers just how you will use their personal data can go a long way in improving the customer experience, retaining and building the customer base, and increasing loyalty. Here are five best practices you should be implementing in your e-commerce store to achieve these goals.

Process Customer Requests to Delete Records

Ensure you have a process in place to let clients easily request their customer records be deleted. Then make sure you follow through on each request, deleting those records across your entire e-commerce business.

Update Terms of Service

Consider including a statement on how you process EU customers’ personal data, especially if this differs from how you handle the data on non-EU customers.

Update Privacy Policies

Let customers know what rights they have under the GDPR, what data they may be asked for and how your policies have changed for processing customer data.

Modify Cookie Policies

When cookies are used to identify a shopper via their device, those cookies are considered personal data and are subject to GDPR regulations. Update cookie policies to detail what cookies you use and how you use the collected data. You’ll also need to allow customers to specifically give/revoke consent for this usage.

Use Compliant Traffic Sources

Because not all advertising platforms are currently GDPR-compliant, e-commerce merchants must be mindful of the companies they choose to help generate traffic. Many ad and affiliate networks use marketing metrics like cost per click and click-through rates, all of which rely on collecting data through cookies stored in customers’ browsers. This could be problematic given GDPR’s calls for transparency about the use of these cookies.

Protecting Your Customers

What merchants must remember is that even if they have just one EU customer, they must fully comply with GDPR regulations or face fines of up to 4% of their global revenue. And GDPR compliance isn’t a one-and-done proposition. Merchants must ensure they continue to be compliant with regulations to avoid future penalties. Although no fines have yet been imposed, that doesn’t mean merchants should be complacent. Instead, they should continue to actively work to bring their systems into compliance.

While the initial reports emerging from GDPR compliance might worry some merchants, the long-term outlook predicts GDPR will add value and bring a level playing field for merchants collecting personal data, transparent privacy policies, and an improved customer focus.

Another way to add value to your business is by partnering with a fraud solutions provider like ClearSale that’s trusted by companies around the world. If you’re looking to safely and securely grow your business, contact us today to learn how we can help you, too.
