GDPR and E-commerce Businesses

Hi, I’m Hans-Kristian. I’m the founder of
and these are my views on GDPR. GDPR is simply a law stating that EU citizens
now have a right to their own personal data. And it basically means that EU citizens have the right to opt-in if they’re going to share data with other people. They need to know who has their data. They need to know that they can get their data back, and they can edit that data, and finally they can also request
that their data be deleted. That’s basically what GDPR is. So GDPR was launched with a lot of fanfare with big fines and a lot of threats
and not a lot of transparency. So there’s a lot of confusion about GDPR,
which is a shame. Because at the core, it’s really a simple,
fundamental right to privacy for EU citizens. Right now we’re seeing a development where, the different government agencies come out to say
how they are actually going to enforce GDPR. And luckily if we look, at least in Denmark, the Danish authorities have come out and said they’re going to take
a super pragmatic approach to GDPR. So we might have heard a lot about the big fines – and of course if you don’t do anything,
you’re going to be fined – but they basically gave the example of saying, if they come out to somebody and check that that they have processes in place for editing data and listing of data
for personal information. If you have the basics in place
on how to handle personal data, you’re not going to get fined. You’re not going to get fined if you make the concrete example they gave was if you have some data that
you should have deleted after five years and you still have it after six years – then that is not an offence
that they are going to fine you for. But if they come out and you’re not prepared, you don’t know who has personal data, you don’t have a process in place
for editing or reporting data, then you’re going to get fined. So it seems to be a super reasonable implementation,
at least in Denmark. And I think,
and this is just my own personal speculation – that, that is going to be the general approach. I think with some of the big companies,
they’re going to use GDPR, like Facebook or Google, to get some fine money in, but I think generally, for smaller companies you’re going to see this pragmatic approach. My whole way of thinking, is that if you take a super lean approach with GDPR, you will end up with no effect and that’s not what you want. But if you take a super hard approach with GDPR, with the big fines coming out, you’re going to see small business death because small businesses are going to struggle with keeping up with GDPR. Politicians in the end,
are a lot more concerned about jobs, than they’re concerned about privacy. So, I think that, generally we are going to see a super pragmatic approach to GDPR. Which means take care of personal data,
know where it is. Know that you can, at anytime get it, delete it and edit it and basically it’s just super common sense. If I was running my own ecommerce store,
here’s what I would do about GDPR. I would first and foremost, sit down
and look through the different vendors that I have and check out, what data do they have? Can I delete it? Can I get it back? Check that they actually follow these points about GDPR – It takes work, but that’s actually the point about GDPR – that you know what data is in the different systems. It takes time, but that’s the whole point about GDPR. You need to know this. What I would then do is,
sit down and write some terms for my customers and my visitors, in a human language. The whole point about GDPR is also that the information to the consumer,
should not be drowned in a lot of legal terms. So sit down and write it in a privacy statement that is written in a human language. But also be honest and say: “Hey, we are going to track you,
we are going to measure what you do. That’s the core of what we do,
that’s how we can improve our business.” To be transparent about what you do and show them what the information is going to be used for and tell them how they can easily get their data back, or removed, or opt-out if that’s what they want. So, that’s basically what I would do; a bit of homework and then,
some clear communication for my customers. So, I hope that was valuable and that you are a bit less concerned about GDPR and know how to handle it by May 25th. If you want to know more about
and how we handle GDPR, and how we are GDPR compliant you can always just reach out to us or else, there will be a link with this video,
to our GDPR page and I hope to see you soon.

Leave a Reply

Your email address will not be published. Required fields are marked *