
THE GDPR: 80% OF UK COMPANIES FACE “MAJOR CHALLENGES” FOR COMPLIANCE BY MAY 2018

The race against time has already begun: the new General Data Protection Regulations, defined in 2015 to strengthen consumer protection at European level, will come into effect as early as 25th May 2018. Non-compliance with the GDPR will result in severe financial penalties. These are part of a general policy in the European community to harmonise data protection across the European area. A survey has revealed that, just 10 months before the GDPR compliance deadline, 80% of respondents said they face major challenges[1]. The GDPR is a major issue for all the players in e-Commerce. 

The GDPR, a major step and a real challenge for all companies

The new European regulation applies to any company that collects, processes and stores the personal data of European nationals, whose use can identify a person. All economic entities (companies, charities, administrations) must begin to implement the measures necessary to comply with the rules.

The major change lies in the requirement to justify all the data processing carried out (data collected during the creation of accounts, newsletter subscriptions, navigation preferences, and so on). For example, when a customer unsubscribes from a newsletter or changes the phone number on their customer account, the company must prove that the change has been made and provide details of the processing (hours, IP address, and so on). At the request of the individual and at any time, his/her data may be deleted, modified or restored. The objective is to give consumers control of their identity and the commercial use of their personal information.

Finally, an enhanced protection for e-buyers!

Consumers must clearly understand for what purpose their data will be used on e-Commerce sites, and the scope of their consent must be clearly defined. Modern e-Commerce marketing techniques (retargeting, product suggestions and so on) must be explicitly accepted by individuals. They must also have direct access to their personal information. In practice, they can request the portability of their information (order data, wish lists, etc.) and obtain double opt-in consent for their children.

In case of a data breach, the user will be informed within 72 hours by the company, and the responsibility may lie with the subcontractor responsible for the leak, or with the host if the latter has been hacked. To ensure that these new rights are respected, the legislator has made it possible to pursue collective legal action through official representative bodies.

VSBs and SMEs – Implementation of the GDPR in e-Commerce 

By May 2018 all companies will have to comply with the new regulations. Implementation of the necessary measures implies thorough understanding of both the obligations and the means to achieve them.

The e-Commerce sites will have to ensure the highest possible level of data protection. To guarantee the security of their customers’ personal data, e-merchants must deploy technical measures and comply with strict rules regarding, for example, the implementation of a register of consent; retention of data; securing transactional mails; encryption of passwords and so on. A Data Protection Officer (DPO) will be appointed to ensure the implementation and monitoring of these actions.

We are entering an era of total accountability for the company, a necessity given that more than 64% of UK companies have not begun their GDPR implementation for May 2018[2].

Let’s not forget that thousands of hacks target all the major players in e-Commerce every day. Data security and technical infrastructure are the major challenges for the web world. According to new government figures, around 46% of UK businesses have now suffered a digital attack. With 5.5 million companies in the UK, that suggests around 2.5 million may have been targeted successfully by hackers, with £174.5m records breached in September 2017[3] alone.

A binding framework for companies with major short-term impacts

Penalties for failure to meet the obligations imposed by the regulations are financial and indexed to the global turnover of the company. They can reach 10 to 20 million euros or 2 to 4% of turnover, whichever is the highest sum.

A new concept is emerging: “Privacy by Design”, a guarantee of quality and reassurance for entrepreneurs seeking optimal security of customer data. A site designed in “Privacy by Design” ensures that no module has been added to the site structure and that the solution has been developed with data protection as a prerequisite at every stage of the website’s construction.

Actinic, Europe’s leading e-Commerce solutions provider, is actively involved in these processes for its 10,000 European e-merchants. Unlike customized e-Commerce technologies or OpenSource, its SaaS model allows it to integrate privacy directly into the design and operation of IT systems and networks (Privacy by Design). It thus guarantees reassurance to every customer of your VSB/SME, and prioritises the protection of the privacy and data of Internet users, in compliance with the GDPR.