Privacy and data collection have dominated headlines in recent months, and many sellers have questions about how the ongoing debate will affect their businesses.
The most immediate and relevant change to the e-commerce landscape is the European Union’s impending General Data Protection Regulation (GDPR) deadline. On Friday, May 25, the GDPR will take effect and apply to any organizations and individuals in Europe, including companies worldwide which do business with them.
The GDPR requires any organizations with personal data from EU residents to keep that data secure, use it only as authorized by the individual and keep it only as long as necessary for legitimate business purposes.
What has ChannelAdvisor done to be ready for the GDPR?
At ChannelAdvisor, the security of our systems and data has always been our top priority. With the enactment of the GDPR, ChannelAdvisor has taken additional steps to protect personal data in our systems (Privacy By Design), as well as to modify some of our related processes so that they are ready for the GDPR.
ChannelAdvisor has undergone an extensive internal analysis, and has both reviewed and documented its personal data processing activities in order to make them compliant with the GDPR. ChannelAdvisor has also utilized outside resources to review our readiness for GDPR.
Does my contract with ChannelAdvisor need to be modified for GDPR?
Contractual requirements vary depending on the nature of the customer’s business and its location, so a customer should review a contract to determine whether a change is needed regarding personal data processed on your behalf by ChannelAdvisor.
ChannelAdvisor has a Data Processing Agreement (DPA) for use under the GDPR. To discuss the need for a DPA with ChannelAdvisor, please open a support case on our Community site. As customer contracts are created and renewed, they will also include a DPA where appropriate.