GDPR is a privacy law that affects not only organizations within the EU but also organizations in non-EU countries that process the data of EU residents. It gives individuals control over their personal data, meaning any data that can be used to identify a person directly or indirectly. Moreover, a business that breaches GDPR can incur a fine of up to 4% of its annual global turnover or €20 million. For this reason, in this article, we will explain how Ecwid GDPR works.

How does Ecwid GDPR work?

Ecwid has taken steps to ensure that it complies with GDPR. However, merchants using its services must also ensure that they are not breaching this law. Some of the initiatives the Ecwid GDPR compliance team has to take include:

Recruiting a Data Protection Officer to handle the Ecwid Data Protection Policy.

Training its personnel through Ecwid GDPR-focused training.

Working only with subprocessors who also provide adequate privacy protection.

Implementing a detailed procedure for data processing and establishing the necessary records for it.

How to increase Ecwid GDPR compliance?

As I mentioned earlier, GDPR compliance doesn’t end with Ecwid. Its users must take steps to ensure they don’t breach the regulation when selling from the EU or to anyone living in the EU. Some things you can do as a seller to ensure you comply with the GDPR are:

Get customer consent before collecting any data

Obtaining your customers’ consent for processing their personal data will reduce a lot of risk for you. Create a privacy policy detailing why you are collecting their personal data and how you will be processing it. Make sure to offer them an option to withdraw their consent any time they wish.

Give customers the right to access their own data

Provide your customers with a copy of all the personal data you have collected about them. If you’re unsure how to provide them with the data, the Ecwid control panel has an option to get and provide that data. Check whether any third parties you are working with have access to your customers’ personal data. If they do, make sure to include that in your privacy policy as well.

Give customers the right to control their own data

It is necessary to provide customers with the ability to control their personal data as well. Extensive control to edit or delete their own data must be granted to them. Again, remember the third parties you work with, and ensure they provide the same control as well.

Notify customers in case of a data breach

You, as a merchant, are a data controller, and Ecwid acts as a data processor for all your customers’ data. If a data breach should occur on your website, Ecwid will notify you about it. It is also your duty as a data controller to notify your customers about it. Ecwid rules dictate that you have a maximum of 72 hours from the time you were made aware to notify your customers about the incident.