The General Data Protection Regulation (GDPR), scheduled to go into effect May 25, 2018, impacts Cratejoy merchants who are either based in Europe or sell to European customers.
In preparation for the changes, we’ve put together a list of steps Cratejoy is taking to comply with GDPR as well as a few you can take to protect your business.
While we are committed to merchant education, the information below should not be interpreted as legal advice nor as a specific recommendation of any legal understanding. If the GDPR applies to you, we recommend you consult with an attorney who can advise you on how you should interpret this new privacy law and recommend steps toward compliance.
How Cratejoy is preparing for the GDPR
- The GDPR doesn’t require personal data to be stored in Europe, only that the data is appropriately protected. Personal data stored by Cratejoy is compliant under the GDPR.
- Cratejoy evaluated all consent practices in accordance with the GDPR’s high standard for consent and added tools for merchants to provide explicit consent at checkout to their customers.
- Cratejoy trained key internal teams on GDPR practices, enabling them to provide information about data collection and processing practices when requested.
How you can prepare for the GDPR
As merchants work towards GDPR compliance, some Cratejoy-adjacent topics to consider might include:
- Collecting Customer Information in Surveys. Consider what information you collect about your customers if you use pre-purchase or post-purchase surveys to customize your subscription for your customers. Be sure to explain how and why that information is collected, and how it will be used.
- Mailing lists and integrations, like MailChimp and Sumo. If you use popular email list signup forms like MailChimp or Sumo, consider documenting in the signup form exactly what your customers are signing up for, and how their email address might be used.
- Internal documentation. Start documenting internal procedures on the processing and storage of personal data across services you might use.
Tools for working toward GDPR Compliance
Cratejoy wants to help you as they work towards GDPR compliance, with the following tools, topics, and suggestions.
Cratejoy now provides an updated checkout setting, that makes it easy to collect a customer’s marketing preference at checkout. Learn more here.
Data Erasure Requests
For more info, check out The Information Commissioner’s Office’s comprehensive guide on the GDPR and attaining compliance.
Again, any EU customer with requests for personal data information or deletion can reach out to firstname.lastname@example.org for assistance.