GDPR in e-commerce
Although the sense of introducing detailed guidelines regulating the processing of personal data leaves no doubt, it must be admitted that the multitude of requirements and obligations that fell on entrepreneurs can be overwhelming. The partnership with partners representing e-commerce allowed DVS to specialize in the subject of personal data protection and to understand the pains related to it. This mixture of knowledge and experience became the inspiration to take Polish online stores under the magnifying glass. The survey, which was conducted from November 2020 to January 2021, brought results that on one hand may worry, but on the other hand clearly show what work needs to be done.
E-commerce under the magnifying glass
– The tools that we have designed so far, as well as the ongoing cooperation with our legal partners have allowed us to deeply understand the topic of personal data protection and to find optimal technological solutions in this area – explains Wojciech Bachta, CEO at Da Vinci Studio.
GDPR in e-commerce – what works and what should be improved?
The issue of using a newsletter remains an individual choice of a particular company (although it’s hard to deny that, properly prepared, it can work wonders). According to the report, 60% of the surveyed companies use such a form of contact with clients, yet only 26% of them include information on personal data processing.
This is just some of the data. More information can be found in the report GDPR in e-commerce [link]. We encourage you to read and draw conclusions!
GDPR – a never-ending process
Mateusz Sawaryn, a partner at Sawaryn and Partners law firm, reminds us that GDPR is not a monolith that once set does not change.
– Protection and processing of personal data require cyclical actions, Sawaryn emphasizes. – Running an online store requires, among other things, introduction and adaptation of appropriate technical and organizational measures to ensure, first of all, the security of the processed data, as well as that, by default, only that personal data is processed which is necessary to achieve each specific purpose of the processing.
The lawyer reminds that entrepreneurs are obliged not only to regularly check, but also (and perhaps above all!) to improve the implemented procedures related to personal data while always complying with the current regulations.
Data protection also applies to the internal affairs of a company, which are outside the customer’s field of vision. It involves the necessity to implement protection procedures, to introduce appropriate security measures, to carry out regular trainings and to keep the documentation in order.
– This is an area that is invisible to users, but necessary for real personal data protection; therefore, it should be kept up-to-date and adjusted to, among other things, the company’s business and changing personnel, explains Sawaryn.