Luzern’s guide to GDPR for eCommerce
What is GDPR?
The GDPR – General Data Protection Regulation – is a new EU law around data protection and privacy for the collection and processing of EU citizens' personal information. These new regulations came into effect on May 25th, harmonising data privacy laws across Europe.
Why Is This Important
The GDPR is being implemented to provide individuals greater protections and rights to their personal data, giving them control over how organisations collect, store, share and use their personal data. They will also have additional rights in relation to requesting access to personal data organisations hold on them.
In addition to enhancing consumer rights, transparency is a key goal of the GDPR. Organisations must be transparent in how they collect personal data, what they use the personal data for, and who they share it with. This must be clearly communicated in user-friendly language at the point the consumer is asked to provide these details.
Heavy fines can be applied to organisations who do not comply with the new regulations.
What Are We Doing at Luzern
- Employee training and education provided on GDPR, process changes, and responsibilities in managing personal data
- New Privacy Notice added to checkouts where we request personal details, outlining why the details are required, and what we will use them for
- Updated text for Consent where requesting email addresses for marketing or newsletters, outlining in a transparent manner what the data will be used for, and clearly providing Unsubscribe options
- Partnered with our suppliers to ensure they are also compliant with GDPR requirements
- Updated our internal documentation, policies and procedures to clearly demonstrate our commitment and compliance with the rules and spirit of the GDPR