Blog » 5 TIPS TO OPERATE A GDPR-COMPLIANT E-SHOP IN HUNGARY
5 TIPS TO OPERATE A GDPR-COMPLIANT E-SHOP IN HUNGARY
26 February 2018
Do you operate a small e-shop and think that GDPR and data protection concerns only giants like Amazon? Let’s just face it: you could not be more wrong. Think of the mere fact that your customers are private persons and you process at least their name, e-mail address and address. Before totally panicking from the realisation that GDPR applies to your e-shop, too, take a deep breath and read our 5 tips how your e-shop can be GDPR-compliant.
Among others you shall inform your customers for which purpose you process their data, who will possibly receive this data, how long you retain the data and what are their rights in relation with your processing activity.
2. Do you send newsletters?
Do you send newsletter to your customers? Excellent marketing tool but bear in mind that there are only few things that can annoy your customers more than unwanted messages. And we all know that pissed-off customers tend to make complaints before the Data Protection Authority.
Therefore, always ensure that your newsletter addressee list is up-to-date. If you rely on the customer’s consent (subscription) make sure that it is freely given, so please forget the pre-checked consent boxes.
Also, you have to provide the possibility to your customer to withdraw his consent to receiving newsletters from you, for example by having an “unsubscribe” button.
3. Do you use profiling?
Do you send 10 % discount offer to your customer for premium coffee if he ordered a coffee machine 2 weeks ago? Or do you send an e-mail reminder to the customer that he added some products the cart but has not bought them? How nice of you. But do not forget that this is called profiling and you have to inform your customers about it.
You also need to inform your customer about the basic logic of such profiling based on automated decision-making and its consequences. To return to the first example you have to clearly tell your customer that you will send customized offers to him based on his last orders.
Your customer may always object to the processing of his personal data for profiling for direct marketing purposes and you have to inform them about this possibility.
4. Do you have subcontractors?
Do you ship the purchased products to the customers’ home? This is exactly one of the benefits of an e-shop. Nevertheless, you have to remember that you transfer your customers’ certain personal data to the haulier who delivers the goods.
The haulier in this context will be considered as a data processor and you as a data controller have to conclude a precise contract with him dealing with certain specialities of the data processing.
Same applies for your IT service provider, your external accountant or direct marketing agency, in short for every third party who processes the personal data of your customers in accordance with your instructions.
5. Do you record phone calls?
Do you operate a customer helpdesk with a hotline number that customers can call? It is very customer-friendly but remember that if you record the calls this will have GDPR-related consequences.
Indeed, people often forget that the voice is also considered as personal data and for the processing the same rules shall apply when you would process the data subject name, birth date or address.
Thus, for instance, before starting to record the call, you clearly have to inform your customer that his call will be recorded and what is the purpose of the recording. Such meaningless information like ‘we record the call for quality assurance reasons’ won’t be precise enough under the GDPR.
To sum up to above, even if you only operate a small e-shop you will face several GDPR-related questions. Achieving GDPR-compliance is not rocket science but as you can see certain things simply cannot be ignored and you have to deal with them until May 2018.
ONLINE CONSUMER CONTRACTS – IS YOUR BUSINESS CONCERNED?
Black Friday is once again around us: the time when online shops and the consumer protection authority cash in some extra income every year. We guess you’ve already read about the extreme discounts and the record-breaking fines by the authorities, so in our article, we will explain, that without your knowledge, your own business can easily step into the field of consumer protection, in which case, your contracts are subject to special rules. In our article, we show you how you can recognize these situations and, of course, summarize the obligations.Read more »
HOW TO TRANSFER PERSONAL DATA TO NON-EEA COUNTRIES? - NEW EDPB RECOMMENDATION
Since in the middle of summer 2020, the Court of Justice of the EU (CJEU) invalidated the Privacy Shield and put into question the applicability of the standard contractual clauses, we were wating for guidance from the European Data Protection Board (EDPR) how to transfer personal data to non-EEA countries in a GDPR-compliant way. Finally, the EDPB broke the silence and provided a 6-step guide which we summarize in this short article.Read more »
THE SUPREME COURT RULED – FLEXIBLE WORKING TIME CAN ONLY BE ORDERED IN WRITING IN HUNGARY
It is often the case that the employer does not clearly regulate the employment relationship of the employees, which later leads to an employment lawsuit. This happened in the case before the Hungarian Supreme Court, where a legal dispute arose in connection with the employee's work schedule, the stake is the payment of several million forints of overtime work compensation to the employee. In our short article, we analyze the Supreme Court’s decision and draw conclusions on how the employer can avoid similar situations.Read more »