The General Data Protection Regulation (GDPR) may be defined as an international set of well-defined and strict data protection rules. According to the Treaty on the Functioning of the European Union and the Charter of Fundamental Rights of the European Union, “everyone has the right to the protection of personal data concerning him or her” (Regulation (EU) 2016/679, 2016, para. 1). GDPR legislation enhances people’s ability to access their personal information and places limits on how organizations handle data. In contrast with the previous law, GDPR established companies’ responsibility for the security of personal data on the basis of the accountability principle.
The new system is characterized by lawfulness, fairness, data minimization, purpose and storage limitations, confidentiality, integrity, and accuracy. The fundamental principles of GDPR currently include:
- Transparency in the use and management of personal information;
- Protection of personal data through appropriate legal practices;
- Limitation of data processing according to particular legitimate purposes;
- Limitation of the storage and collection of personal data to legitimate purposes;
- Storage of personal information exclusively for the period defined by the purpose of its collection;
- Individuals’ ability to act on personal data, correct it, or request its deletion.
GDPR legislation focuses on the protection of all types of personal data. Traditionally, these include a person’s name, date of birth, health information, sexual orientation, ethnic and racial origin, religious beliefs, political opinions, location data, online username, cookie identifiers, and IP addresses. The main features of GDPR should currently be applied to UK online retailers as well. First of all, they should collect only personal information related to the purchasing process. In addition, websites for online orders should be encrypted to avoid data leakage. Consumers have the right to be informed, to erasure, to data portability, to restrict processing, and to independent decision-making concerning their personal data.
From a personal perspective, as an international and well-known company in the sphere of motorcycling, the Visor Shop has a solid reputation for selling its products online. There is an insignificant possibility that it requires additional customer information that is not related to the shipment. It has 30 years of experience and pays particular attention to every customer under the vision statement “At TheVisorShop.com we value every order – no matter how big or small – and that’s what we aim to do, every time” (‘About us’, no date, para. 6). The company will continue to promote its products on the Internet with the help of online advertising systems and make worldwide shipments under GDPR legislation as well. However, it should document its handling of personal data to comply with the regulation’s principles. Moreover, the Visor Shop will provide its consumers with access to personal information upon their request.
The GDPR compliance model implies the application of the fundamental principles of personal data protection not only by companies located in Europe but also by international organizations that offer products or services to EU citizens. As data transfers outside the European Union are substantively restricted, Salesforce offers incorporated Privacy Shield certification, the European Commission’s Standard Contractual Clauses, and Processor Binding Corporate Rules to assure customers that their data is protected (‘Regional Privacy Laws’, no date). Small online businesses may apply B2C Commerce Cloud, Quip, or Pardot (‘Products’, no date). These products help to keep personal information safe and create secure and transparent customer experiences.
Reference List
Regulation (EU) 2016/679 of the European Parliament and of the Council (2016).