Tl;dr – fast forward to the topics of most relevance to you:
- 7 principles of GDPR [10:30]
- Cookie consent and pop-ups [28:00]
- Privacy by design [39:00]
- Brexit and GDPR [51:00]
Online privacy is a hot topic. The General Data Protection Regulation, or GDPR, was intended to improve how businesses process and handle data. In place since 2018, GDPR has replaced previous data protection rules across Europe that were almost two decades old. Since those rules were defined, a lot has changed in terms of how data is collected, used and distributed online.
Whilst the principles are well defined, implementation on ecommerce sites is by no means uniform. Some apply the letter of the regulations; others blur the boundaries in how they handle things like cookie consent and when cookies are set.
Data privacy compliance really does matter. It can affect your business reputation and expose you to risk and penalties for lack of compliance. The best way to achieve privacy compliance is to build and maintain a culture of continuous compliance. This requires so much more than ticking the boxes for GDPR compliance; it’s a structured process that needs to be embedded into your whole organisation over time. Businesses that take their customers’ data privacy seriously create a culture that reduces the risk of data breaches.
Online privacy and privacy by design
Online privacy is about more than compliance; it relates to your business attitude to your customers’ data and how well you protect that data and their privacy.
For our 77th episode, we interviewed Karima Noren, co-founder of The Privacy Compliance Hub. The hub helps organisations embed data privacy protection into their business so they can demonstrate compliance with privacy laws. Karima is a recognised thought leader for data privacy, so we asked her to share her perspective on the current state of play with GDPR and how ecommerce businesses need to embed privacy by design into their processes.
Key discussion points
- What is the GDPR and is it the only privacy law we need to care about?
- How does the GDPR apply to an ecommerce business and what does a good implementation look like?
- Many businesses focus on the customer-facing elements of GDPR, not the full process; why is that?
- How can a business build privacy by design into its technology, process and people?
- What is the business case for investing in this and taking it seriously?
- How strictly has compliance been regulated in the UK and Europe – are the concerns around penalties justified?
- Where is GDPR heading post-Brexit?