GDPR Vs E-Commerce: Who's Winning the Battle of Compliance?
The egg-timer for the official push date of GDPR is almost empty and there’s no switch to flip it back now. With spikes in popularity of questions like “What is GDPR compliance?” and “Does GDPR affect me?” you might almost be asking, haven’t you left it a little late?
Many have taken a very lax approach to GDPR, hoping that it is a lot of hot air. In fact, as of 9th April, less than a third of all European websites were GDPR ready:
67% of websites in Germany,
31% of websites in the UK, and
17% of websites in Portugal
are GDPR ready.
Not a single country was 100% GDPR ready with just over a month to go. Of course, there’s still time, but these numbers speak of a laissez-faire approach across the EU. And it doesn’t stop there: outside of EU boundaries, compliance, and even awareness, is not as universal as one (read: the EU) might hope.
Only 38% of UK businesses were aware of GDPR as of January 2018.
22% of global companies were unaware that GDPR affects them.
This fact becomes more shocking when you realise that failure to comply can result in huge GDPR fines:
4% of a company’s annual turnover or €20 million for failing to meet GDPR standards,
with the actual fine being whichever of the two values is higher.
Whilst some states have implied a pragmatic approach, naysaying by others, claiming that there is “no requirement to be fully ready on the 25th of May”, may have less than the desired effect. Sure, it’s a stance that many on the business side of things would prefer, but it could also be one that spurs enforcers on to take a very hard line, in order to consolidate their position as a serious threat.
What should we be doing in this final week?
Whilst this final week should be more of a final touch-up, there are adjustments still being implemented across the board. Some may preach “better late than never”, but it can mean that there is little room for error, should anything go awry.
Nevertheless, make sure that you have:
Assessed
Have you gone through, with your own Data Protection Officer (DPO) or legal team, and assessed every aspect of your documentation with a fine-toothed comb? This is one of the costliest parts of GDPR compliance, but not doing it can end up costing even more.
Identified
Following assessment, you may or may not have identified areas in your current data handling protocols that need to be revised. If you have not already, now is the time to have, at least, identified these areas so that you can...
Put a strategy in place
There’s a huge difference between failing to be compliant and failing to be compliant WITHOUT a strategy to fix it. If worst comes to worst and you still have a few cracks to plaster before 25th May, make sure that you at least have a clear plan of action, complete with a time frame and security measures, to remove any doubts of negligence.
Last but not least, BE CLEAR!
It’s hard not to see the irony in a 500-page, 99-article document having a take-home message of ‘cut the jargon’, but there it is. In preparation for avoiding GDPR penalties, you may realise you are actually dealing with much longer legal papers than before. That may seem counterintuitive, but it is better to be safe than sorry when covering your bases. Clear isn’t always concise, and in the battle of GDPR vs e-Commerce, size may matter.
Clerk.io is fully GDPR compliant. To read more about how, click here, and if you want to read more of Clerk.io's GDPR posts, click here.