Author: Laurentiu Munteanu - Business Manager Specialist – OSF Digital.
The GDPR (General Data Protection Regulation) came into effect on May 25th, 2018 affecting all organizations located in the European Union (EU) as well as those who interact with EU citizens. Naturally, this law is having a major impact on ecommerce businesses and the way they obtain and process their customer’s data. This article provides insights on how merchants can simplify their day-to-day online shop management processes using the new product rollouts for the Salesforce Commerce Cloud platform to help them stay aligned with GDPR regulations.
Personal data and how to ensure you respect the GDPR
Let’s start with defining the term ‘personal data.’ Under GDPR, ‘personal data’ means any information related to an identified or identifiable natural person and includes the following: name, address and location data, email, identification number, online identifiers like IP address and cookie ID, as well as information related to physical, physiological, mental, economic, cultural or social identity.
Merchants now are obligated to respect the four core principles of GDPR: data deletion and the “right to be forgotten,” restriction of processing, data portability, and consent management.
- Data Deletion and the “Right to be Forgotten”
Customers are now able to request the deletion of their personal data. For ecommerce purposes, this refers to either customer record deletion or order deletion.
In Salesforce Commerce Cloud Business Manager, merchants can fulfill this request for both registered and guest users by navigating to Merchant Tools and using the Customer Deletion and Order Deletion options. Merchants should make sure that their deletion scope covers customer records, baskets, gift certificates, coupons, orders, analytics, Einstein, active data, Elastic Search, Account Manager, Control Center, as well as custom objects. All of this data can be removed through the corresponding Business Manager fields: Delete custom objects, Delete gift certificates, Delete tracking data, Management Data, Wishlists and payment instruments.
- Restriction of Processing
Shoppers are now able to put a halt to a merchant’s ability to access or modify their personal information.
Within Commerce Cloud Digital, merchants should search for the customer record or the order number, create a data export with the help of the new snapshot module for data export and delete this information from the ecommerce store using the data deletion capabilities.
- Data Portability
Consumers can request a copy of all of their personal data that has been stored by a merchant.
With the help of the new Commerce Cloud Data Export Cartridge, companies can provide shoppers with a self-service option directly on the storefront (available for registered users only), or use the snapshot module to offer the requested information including customer profile, address book, payment, order history and wishlist information.
- Consent Management
Shoppers may decide not to consent to have their data processed for the purpose of user profiling, tracking or marketing communications.
To ensure they respect this preference, online sellers may use the new Commerce Cloud solution - "Do Not Track" flag for the Digital Script API for Session. This option activates the "Do Not Track" flag for every session the user enters into until explicit consent for tracking is obtained the via opt-in/ “I accept” field.
As with any new process, merchants may expect their team to go through some growing pains while they’re working to align all of their online shop management operations with GDPR. Companies should try to make sure that the team that handles their online store is up to date with all the most recent features of Business Manager. It’s important to support them with information, guidebooks or training if they are in need of additional assistance.
It’s in a companies’ best interest financially to comply with the principles outlined in GDPR, since failure to do so will lead to fines of up to 4% of their annual global revenue or 20 million Euros. Compliance is also important from a brand perspective as respecting GDPR’s policies helps to build a strong and trusting relationship with clients and will ensure that companies are able to provide a better customer experience for customers who have knowingly and consciously agreed to have their data collected and processed by the company.
