Over the past week we’ve answered some key questions about GDPR compliance. You’ve read about the changes coming to eCommerce (and the internet in general), the importance of putting someone in charge, and how to craft a privacy policy. You learned the basics of responding to Right of Access and Right to Erasure requests, and the importance of keeping your data — and your customers’ data — secure.

There’s also a larger issue at play: privacy isn’t a one time effort. It’s part of the ongoing maintenance for your business.

Continue Reading

Google blacklists around 10,000 websites every day for malware, removing them from search results — and more importantly, malware can infiltrate customer data and expose your customers (and you!) to fraud and identity theft. Security breaches are a serious business.

To raise the bar on how companies respond to security issues, the GDPR introduces new rules governing what merchants must do when an EU resident’s data is exposed in a breach. 

Continue Reading

Sometimes. a customer wants to remove their digital footprint from the Internet. Maybe they were the victim of identity theft, suffered online harassment, or just want reduce their online presence. Whatever the reason, store owners who collect data from EU residents can expect to receive “Right to Erasure” requests under the GDPR.

As with Right of Access requests, the data a person can expect to be erased includes the obvious — name, address, phone number — and the less obvious, like tracking numbers and VAT IDs. 

One significant difference is that Right to Erasure requests are more like a right to request erasure. As a business owner, you probably need to keep some data for a limited time to comply with contractual obligations and protect yourself, like keeping tracking IDs to defend against shipping disputes or keeping VAT information for tax audits. Before you get your first request, it’s important to know what personal customer data you need to store, and to include this in your privacy policy and terms and conditions.

When you’re ready to fulfill a Right to Erasure request, the good news is that — as with Right to Access requests — WordPress 4.9.6 and WooCommerce 3.4 have tools to help.

Before You Get Your First Request

Continue Reading

You probably know someone who’s requested their data from one of the big social media platforms. It can be staggering to see all the detail in one of these data “dumps”!  

If your store collects data from EU residents, you can expect to start receiving “Right of Access” requests under the GDPR. 

An EU resident has a right to a copy of all the data you’ve collected about him or her, ideally in an electronic format. This includes information like name, address, and phone number, along with less obvious things like shipment tracking numbers or VAT IDs. Thankfully, WordPress 4.9.6, WooCommerce 3.4, and many WooCommerce extensions automate the legwork Right of Access requests require — we’ll walk you through the process.

Continue Reading

Getting your business prepared for the GDPR is no small task, and it doesn’t end when the law takes effect on May 25th.

Step one: to get ready for the GDPR, May 25th and beyond, you’ll want to designate an employee to oversee compliance efforts and update your privacy policy. These aren’t just legal requirements — they also lay a good foundation for ongoing compliance and they can impact sales.

Continue Reading

Whether you’ve had a WooCommerce store for a long time or are in the earliest stages of an eCommerce endeavor, you’re probably  wondering what you need to do about this new European law—the General Data Protection Regulation (GDPR).

Our six-part series on Getting Ready for the GDPR explores the ins and outs of the law and how it applies to you, a WooCommerce store owner. Let’s get oriented with a few common questions and answers.

Continue Reading