As if eCommerce wasn’t already complex enough, the need to protect shopper data at all costs has launched a series of new laws into effect. One example is the General Data Protection Regulation (GDPR), which was enforced in May 2018. This regulation gives members of the European Economic Area control over their personal data and how it is being used by merchants, no matter where the merchant is located. In a recent survey, the majority of eCommerce brands indicated that they have had consumers exercise their rights under GDPR to remove their information from a brand’s systems.
See what else over 120 eCommerce leaders for top brands are saying in the 2020 eCommerce Leaders Survey.
Recently, California launched a similar law: the California Consumer Privacy Act (CCPA), which went into effect on Jan 1, 2020. CCPA places strict protections on shopper data originating from California. If your business sells to anyone in California, you are affected by this law. We all want control over our personal information, especially with the number of data breaches happening every day. Just recently, retail giant J. Crew disclosed a major data breach that occurred last spring. Customer data, such as login credentials, billing address, last four digits of credit card numbers, and more, were snatched by hackers.
How? J. Crew blames an “unauthorized party.” No wonder shoppers want their personal info out of the hands of eCommerce brands. No retailer is safe.
Brands are investing in protection
No brand wants to be subjected to the shame and headlines that come along with exposing shopper data to malicious hackers. But with privacy laws like GDPR and CCPA in place, retailers can also face huge fines and legal action against them if they are not in compliance at all times.
In the recently launched 2020 eCommerce Leaders Survey, Privacy Compliance is one of the top areas for investment for retail brands this year, beating out adding emerging features, mobile, and replatforming. Not only do brands know they need to adhere to these laws, they also understand the complexity it takes to do so.
Where the complexity arises
Remember that “unauthorized party” J. Crew blames for their data breach? Brands are catching on to the risks of adding 3rd party technologies on their websites, such as exposing shopper data and not being in compliance with privacy laws. In fact, 67% of brands surveyed said they are concerned that siloed customer data collected from these 3rd parties might impact their ability to fully comply with privacy laws, and that at any given time, data collected from 3rd parties could make them noncompliant without their knowledge.
That’s right — just because a brand is making sure shopper data is protected, it doesn’t mean that every 3rd party running on their site is. Considering that the average eCommerce site has between 40 and 60 3rd parties, and many brands aren’t even aware of all the 3rd party services running on their sites, let alone the shopper data they are collecting — this situation is more than complicated. It’s straight-up scary.
What can brands do?
Is going to every 3rd party technology provider and asking them if their technology is compliant “good enough”? Absolutely not. The fact is that brands need to do more due diligence. Even if a 3rd party vendor states they “are compliant with privacy laws” today, how can we know for sure? And if they are compliant today, how do we know they will be compliant tomorrow? A month from now? Or during any big promotion or sale, when site traffic is overwhelming? eCommerce privacy compliance is simply not a “one-and-done” deal, but an ongoing effort, because customer data is constantly being added to new 3rd parties and technology is constantly changing.
The major culprit of these issues is the general lack of visibility that eCommerce brands have when it comes to their sites. Brands need to be able to see every digital browser element, know whether those elements are changing, and be able to turn them on and off, by state or altogether. These are some of the things online retailers can do to stay on top of their shopper data safety and compliance with privacy laws:
- Inventory all 3rd parties and browser services on site
- Set up notifications to see if anything changes with those elements at any time
- Establish the ability to turn browser services on or off
- Remove any “unwanted” or “unauthorized” services from your site – especially your checkout page!
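The inventory and change-notification steps above can be sketched as a per-page audit; this is an added example, not code from the original article or any vendor. The function names, the baseline format, and every hostname and URL are constructed for illustration; in a browser the URL list could be taken from `performance.getEntriesByType("resource")`.

```javascript
// Count requests per third-party host among the resources a page loaded.
function thirdPartyHosts(resourceUrls, firstPartyDomain) {
  const counts = new Map();
  for (const raw of resourceUrls) {
    let host = "";
    try {
      host = new URL(raw).hostname.toLowerCase();
    } catch {
      continue; // malformed entry, nothing to attribute
    }
    if (!host) continue; // data: URLs carry no host
    // Exact match or true subdomain only, so look-alike suffixes stay third-party.
    const firstParty =
      host === firstPartyDomain || host.endsWith("." + firstPartyDomain);
    if (!firstParty) counts.set(host, (counts.get(host) || 0) + 1);
  }
  return counts;
}

// Compare what a page loaded with the hosts approved for that page.
function auditPage(page, resourceUrls, firstPartyDomain, baseline) {
  const seen = thirdPartyHosts(resourceUrls, firstPartyDomain);
  const approved = new Set(baseline[page] || []);
  return {
    page,
    unapproved: [...seen.keys()].filter((h) => !approved.has(h)).sort(),
    noLongerSeen: [...approved].filter((h) => !seen.has(h)).sort(),
  };
}

// Constructed baseline: the checkout page is allowed the payment SDK only.
const BASELINE = {
  "/checkout": ["pay.example-psp.test"],
  "/product": ["cdn.example-reviews.test", "pay.example-psp.test"],
};

// Constructed sample of resource URLs observed on the checkout page.
const CHECKOUT_RESOURCES = [
  "https://shop.example.test/static/app.js",
  "https://img.shop.example.test/logo.png",
  "https://pay.example-psp.test/v3/sdk.js",
  "https://tags.example-chat.test/widget.js",
  "https://tags.example-chat.test/collect?e=keyup",
  "https://shop.example.test.cdn-mirror.test/app.js",
  "data:image/png;base64,AAAA",
  "not a url",
];

console.log(auditPage("/checkout", CHECKOUT_RESOURCES, "shop.example.test", BASELINE));
```

A non-empty `unapproved` list is the change notification; `noLongerSeen` flags baseline entries that can be retired.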