On May 25, 2018, the new GDPR regulations take effect. If you sell auto parts to citizens in the EU, the changes will apply to you!
If this is the first you’re hearing about it, don’t worry. We put together a simple breakdown of the new regulations and what it means for your parts website.
What is GDPR?
The General Data Protection Regulation (GDPR) is a new set of rules taking effect in the European Union (EU).
These new guidelines change how personal information is collected, processed, and stored for citizens in the EU. They take effect on May 25, 2018.
In short, GDPR gives EU citizens more control over their personal data.
If you obtain and use data from EU-based citizens, then your site will be impacted! You will be responsible for GDPR compliance even if you don’t have a physical presence in the EU. That includes:
- EU customers who browse or buy from your site
- Marketing targeted toward EU citizens
- Storing general EU consumer data
How should I prepare for GDPR?
Don’t leave these changes until the last minute! Get your parts website GDPR-compliant as soon as possible to avoid the potential penalties.
1. Know the basics of GDPR and have a system in place for complying.
By reading this article, you’re already on track!
Under GDPR, EU citizens have the right to be “forgotten.” If they request it, their data must be completely removed from the system. Make sure your team knows what to do when a request comes in! (For RevolutionParts customers, submit a support ticket! More info below)
2. Update your privacy policy.
The updated policy should specify how you handle user data and what you track.
- How do you store data?
- Do any widgets or third-party scripts or companies on your site track user data? (e.g. Google Analytics, a chat widget)
- Do you share data with third-party companies?
- Do all third-party companies you use comply with GDPR? (e.g. marketing companies)
- Do you mention how a user’s information could be removed?
Here are two recommended policy update examples. Please note that these are examples, and your own policy should be specific to your dealership!
- On storing data: “Your security is important to us. We anonymize any personally identifiable information (PII).”
- On removing user information: “In order to be forgotten or to have your data removed, please contact us directly.”
Again, please note that the above statements are examples intended to help you brainstorm your own policy wording. Your dealership is responsible for the creation of its own policies.
3. Be aware of how customer data is stored.
If you’re storing customer data in non-digital locations, create a mental list of where. If an EU citizen wants to be forgotten, your hard copies will have to be destroyed as well.
- Do you write user data on paper?
- Do you store hard copies of user information?
- Do you transfer confidential user information via phone or email?
4. If you use Google Analytics, be aware of how this affects your data
VERY important for Google Analytics tracking!
As part of the GDPR changes, Google Analytics will delete data older than 26 months unless you manually change your settings.
If you want to keep data older than 26 months, simply go into your Admin Settings, navigate to “Data Retention,” then adjust the setting for “user and event data retention.” Whatever you change the setting to, make sure it’s in compliance with your dealership’s privacy policies.
For reference, SEO Roundtable published a helpful screenshot of this setting (not reproduced here). A more in-depth guide on adjusting your settings is also available.
What happens when I get an EU order?
Nothing should change. Process and fulfill the order as normal!
EU-based shoppers will need to opt-in to terms and conditions before placing an order, but that won’t affect the fulfillment side of things.
What should I do if an EU citizen wants to be “forgotten”?
As per GDPR guidelines, you must delete an EU citizen’s data if they request it.
With RevolutionParts, simply submit a support ticket with the following info:
- Customer’s Full Name
- Customer’s Email
- Customer’s Phone number
- Reason they wish to be forgotten
- Site they purchased from
We’ll take care of it from there! The EU user’s data will be deleted and purged from the system.
Deleting user data is final and irreversible. We cannot recover user data for “forgotten” customers.
How will GDPR affect the customer experience?
US-based customers will not be affected. Their browsing experience will be exactly the same as before!
EU-based customers will see a few changes.
1. Placing an Order
EU customers will need to opt-in to terms and conditions before placing an order. They must agree to your site’s terms before they are able to purchase.
2. Creating an Account
EU customers will also need to opt-in to your site’s terms and conditions before they can create an account. Additionally, after creating the account they will automatically be opted out of marketing preferences. They will have to opt-in to newsletter and marketing preferences before you can email them.
RevolutionParts detects EU users in two ways:
- EU Billing or Shipping address
- EU IP address at the time the order is placed
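To make the two detection signals above and the resulting consent rules concrete, here is an added example in JavaScript. It is not RevolutionParts code: the EU country list (the 28 member states as of May 2018), the shape of the order object, the `geoLookup` callback that maps an IP to a country code, and the sample IPs (documentation ranges) are all assumptions made for this illustration.

```javascript
// Added example (not RevolutionParts code): flag EU users from the two signals
// the post describes, then apply GDPR-style consent defaults at sign-up.

// ISO 3166-1 alpha-2 codes of the 28 EU member states as of May 2018 (assumed list).
const EU_COUNTRIES = new Set([
  'AT', 'BE', 'BG', 'HR', 'CY', 'CZ', 'DK', 'EE', 'FI', 'FR', 'DE', 'GR', 'HU', 'IE',
  'IT', 'LV', 'LT', 'LU', 'MT', 'NL', 'PL', 'PT', 'RO', 'SK', 'SI', 'ES', 'SE', 'GB',
]);

// Constructed IP-to-country table standing in for a real geolocation database.
// Both addresses come from documentation ranges (RFC 5737), so they are not real hosts.
const SAMPLE_GEO = { '203.0.113.10': 'DE', '198.51.100.7': 'US' };
const sampleGeoLookup = (ip) => SAMPLE_GEO[ip] || null;

function isEuCountry(code) {
  return typeof code === 'string' && EU_COUNTRIES.has(code.trim().toUpperCase());
}

// order: { billing: { country }, shipping: { country }, ip }  (assumed shape)
// geoLookup: (ip) => ISO country code or null, supplied by the caller.
// Returns which signals fired so the decision can be logged and explained later.
function detectEuUser(order, geoLookup) {
  const reasons = [];
  if (isEuCountry(order.billing && order.billing.country)) reasons.push('billing-address');
  if (isEuCountry(order.shipping && order.shipping.country)) reasons.push('shipping-address');
  const ipCountry = order.ip ? geoLookup(order.ip) : null;
  if (isEuCountry(ipCountry)) reasons.push('ip-address');
  return { isEu: reasons.length > 0, reasons };
}

// Consent record built at account creation.
// EU users: terms must be explicitly accepted, and marketing starts opted out unless
// they explicitly opt in. Non-EU users keep the site's existing default (options.nonEuDefaultOptIn).
// The timestamped record is what a dealership can later produce to show consent was given.
function buildAccountConsent(order, geoLookup, accepted, options = {}, now = new Date()) {
  const { isEu, reasons } = detectEuUser(order, geoLookup);
  if (isEu && accepted.terms !== true) {
    return { ok: false, error: 'EU users must accept the terms and conditions first' };
  }
  const nonEuDefault = options.nonEuDefaultOptIn === true;
  const marketingOptIn = isEu
    ? accepted.marketing === true
    : (accepted.marketing === undefined ? nonEuDefault : accepted.marketing === true);
  return {
    ok: true,
    isEu,
    detectedBy: reasons,
    marketingOptIn,
    termsAcceptedAt: accepted.terms === true ? now.toISOString() : null,
  };
}

// Stand-alone usage with constructed orders.
const euOrder = { billing: { country: 'US' }, shipping: { country: 'FR' }, ip: '203.0.113.10' };
const usOrder = { billing: { country: 'US' }, shipping: { country: 'US' }, ip: '198.51.100.7' };
console.log(detectEuUser(euOrder, sampleGeoLookup));               // isEu: true, two reasons
console.log(buildAccountConsent(euOrder, sampleGeoLookup, { terms: true })); // marketingOptIn: false
console.log(buildAccountConsent(usOrder, sampleGeoLookup, { terms: true }, { nonEuDefaultOptIn: true }));
```

Recording which signal triggered the EU decision (billing, shipping, or IP) is deliberate: when a customer later asks why they were treated as an EU user, or disputes a marketing email, the stored reasons and the consent timestamp answer the question without guesswork.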
What is RevolutionParts doing to help comply with GDPR?
In addition to removing EU customer data when you submit a support ticket, here’s what else we’re doing to help your parts website comply with GDPR.
- We’re removing personally identifiable information (PII) from cookies and user sessions
- We’re anonymizing customer information stored by RevolutionParts Google Analytics accounts (e.g. IP address)
- We’re adding additional security features around account creation and verification
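The IP anonymization mentioned above is worth seeing as code. Google Analytics offers it as a setting (`anonymize_ip: true` in gtag.js, or `ga('set', 'anonymizeIp', true)` in analytics.js), and the masking it applies is documented: the last octet of an IPv4 address and the last 80 bits of an IPv6 address are zeroed before the address is stored. The added example below, which is not RevolutionParts code, implements that same masking so a dealership can apply it to its own logs or session records before they are written; the sample addresses are constructed from documentation ranges.

```javascript
// Added example (not RevolutionParts code): the IP masking Google Analytics applies
// with anonymize_ip, reimplemented so it can run over your own logs before storage.

// Expand an IPv6 address into its 8 hextets, resolving a single "::" and
// rejecting malformed input. Leading zeros are dropped in the result.
function expandIpv6(ip) {
  const halves = ip.split('::');
  if (halves.length > 2) throw new Error('invalid IPv6 address');
  const head = halves[0] ? halves[0].split(':') : [];
  const tail = halves.length === 2 && halves[1] ? halves[1].split(':') : [];
  const missing = 8 - head.length - tail.length;
  if (missing < 0 || (halves.length === 1 && missing !== 0)) throw new Error('invalid IPv6 address');
  const groups = [...head, ...Array(missing).fill('0'), ...tail];
  if (!groups.every((g) => /^[0-9a-f]{1,4}$/i.test(g))) throw new Error('invalid IPv6 address');
  return groups.map((g) => g.replace(/^0+(?=.)/, '').toLowerCase());
}

// IPv4: zero the last octet (8 bits). IPv6: keep the first 48 bits (3 hextets), zero the rest.
function anonymizeIp(ip) {
  if (typeof ip !== 'string') throw new Error('expected a string');
  if (ip.includes(':')) {
    return expandIpv6(ip).slice(0, 3).join(':') + '::';
  }
  const octets = ip.split('.');
  const valid = octets.length === 4 &&
    octets.every((o) => /^\d{1,3}$/.test(o) && Number(o) <= 255);
  if (!valid) throw new Error('invalid IPv4 address');
  octets[3] = '0';
  return octets.join('.');
}

// Apply the mask to a batch of constructed session records before they are persisted.
function anonymizeSessions(sessions) {
  return sessions.map((s) => ({ ...s, ip: anonymizeIp(s.ip) }));
}

// Constructed sample records (RFC 5737 / RFC 3849 documentation addresses).
const sampleSessions = [
  { sessionId: 'a1', ip: '203.0.113.10' },
  { sessionId: 'b2', ip: '2001:db8:85a3::8a2e:370:7334' },
];
console.log(anonymizeSessions(sampleSessions));
// [{ sessionId: 'a1', ip: '203.0.113.0' }, { sessionId: 'b2', ip: '2001:db8:85a3::' }]
```

Masking at write time, rather than relying only on the analytics vendor's setting, means the full address never lands in your own database, which is the simplest way to keep the "we anonymize PII" line in your privacy policy true.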
What happens if I don’t comply with GDPR?
Bad news! If your dealership isn’t in compliance, you could face a penalty of up to €20 million or 4% of worldwide revenue.
You have until May 25th to make any necessary changes to your site. If you’re a RevolutionParts customer, contact support if you have any questions!