Neto
Disclaimer: We encourage you to seek legal advice and review the GDPR yourself, as it’s ultimately your responsibility to ensure you are compliant with the GDPR. This post should not be taken as legal advice.
The European Union General Data Protection Regulation (the GDPR) contains new data protection requirements, coming into effect from 25 May 2018, that will impact how businesses process and handle data.
Australian businesses of any size may need to comply if they have an establishment in the EU, if they offer goods and services in the EU, or if they monitor the behaviour of citizens of the EU.
Australian businesses need to determine whether they need to comply with GDPR, and if so, take steps to ensure their personal data handling practices comply with the GDPR.
This may include adjusting how you collect data—GDPR requires you to clearly request consent when collecting data.
This might mean adjusting forms like your newsletter subscription form or user registration form to ensure shoppers are explicitly accepting your terms and conditions and privacy policy.
While Neto plans on updating our standard website design themes to more explicitly request acceptance of a website's terms and privacy policy, and we have published tweak documentation to help merchants retrofit their existing themes, it is ultimately the responsibility of every merchant to ensure they are compliant. We cannot guarantee that just because you’re using an up-to-date theme, you are compliant.
The GDPR requires every business to allow any EU citizen (about whom the business is storing personal data) to:
Neto has the ability to both give merchants this data and anonymise it, on request. This request needs to be made to Neto by the merchant. In the event of a request, we will provide the merchant with the requested data.
Keep in mind that when shoppers make these requests, they are not just talking about the data that Neto hosts. You will need to review all places where you store personal data, such as any analytics tools you may use or any third-party integrations.
Again, it is your responsibility to ensure you are compliant. Neto cannot provide additional advice on acquiring or anonymising data from external parties.
There are many implications to the GDPR and we have not summarised them all. For example, there is a good chance you will need to update your Terms & Conditions and/or Privacy Policy. We encourage you to seek legal advice and review the GDPR yourself.
We take our responsibilities under the new GDPR legislation seriously. That's why we have undertaken a program of work to assess what effort is needed to be compliant with GDPR.
Here is a quick summary of the work we have done:
This post was updated on 24 May 2018 to reflect the availability of the relevant tweak documentation.