
Can you believe it? Black Friday and Cyber Monday are almost here!

By now you have already created your marketing campaign, picked out the best offer that will drive sales, prepared your servers and support team for the increase in traffic, and set up your reporting and analytics so you can measure the dazzling success of this year’s sale. So now you sit back, relax, and wait for the revenue to come rolling in, right?

Not quite.

While that influx of new customers is welcomed by every business around the world, it also raises the often discussed and very much dreaded topic: the General Data Protection Regulation. Before we get into the specifics of protecting personal data, let’s start at the beginning.

What is personal data?

When we talk about personal/customer data, what pieces of information are we referring to? Simply put, personal data is any information related to a natural person or ‘Data Subject’ that can be used to directly or indirectly identify a person. For example:

  • First and last name
  • Photo
  • Email address
  • IP address
  • Bank details
  • Medical information

What is the General Data Protection Regulation?

The GDPR (General Data Protection Regulation) is a European regulation that establishes a new framework for handling and protecting the personally identifiable information (PII) of EU-based residents. Essentially, it requires businesses to keep personal data safe.

Here are some of the requirements of the GDPR:

  • Businesses must obtain explicit consent to access EU-based residents’ PII.
  • Businesses must notify customers in case of a hack or breach.
  • Businesses must appoint a dedicated data protection officer.
  • Businesses must pay increased fines for noncompliance.

If you’re thinking, “Woohoo! My business isn’t in the EU, so I don’t have to change the way I collect, store, and use customer data,” that’s not necessarily true. “GDPR applies to all organizations holding and processing EU residents’ personal data, regardless of geographic location.” Basically, if you offer goods and services in the EU, then you are required to be GDPR compliant.

How do I make sure my online store is GDPR compliant?

First of all, you have to understand a lot of legislation, the implications of being noncompliant, and then run an audit against the GDPR framework. After that, it’s a lot of data collection, classification, assessment, and revisions.

Or, there’s a simpler option.

By using FastSpring’s all-in-one ecommerce platform, your business will be compliant with the EU General Data Protection Regulation. FastSpring complies with the EU-US Privacy Shield Framework regarding the collection, use, and retention of personal information from European Union member countries. So, with FastSpring, your business will be ready to conduct business with all EU-based customers.

But with Black Friday and Cyber Monday just around the corner, you may be looking for additional security measures to keep customer data safe. For those who want to go the extra mile for their peace of mind, here are some extra steps you can take to keep personal data safe during BFCM.

5 Ways to Protect Customer Data

  1. Use dedicated servers. Because a dedicated server is not shared with other tenants, it gives you more control over your overall data security.
  2. Invest in data encryption. Businesses that don’t have data encryption in place are more vulnerable to data breaches, which means a large fine under the GDPR. Avoid the headache, and encrypt your data.
  3. Only collect necessary data. More data means a larger cache for attackers to go after. Requests for excessive information may also make your customers nervous. So, stick to the basics, and collect only what you need.
  4. Limit accessibility. By limiting the number of people with access to customer information, you limit the number of opportunities attackers have to find vulnerabilities in your security.
  5. Keep customers informed. Customers want to know what you’re doing with their information. Here’s an example from Savant of a simple statement to share with customers to keep them in the loop: “Savant understands that you have entrusted us with vital personal information. We want you to know that we take our responsibility to protect your information seriously. Savant regularly reviews and evaluates both its privacy and security policies and adapts them as necessary to deal with the constantly changing data security landscape.”

With some of the biggest shopping days of the year coming up, nobody wants to be the victim of a data breach or have to shell out hefty fines for GDPR noncompliance. To keep your holidays stress-free and profitable, be sure to ramp up data security or find a good partner, like FastSpring, to have your back.