Bohdan Manolea, founder of Trusted.ro, invited to Digital Lead, explained the elements that online stores must follow in order to comply with the GDPR policy.
Mădălina Stănescu and Bogdan Manolea, founder of Trusted.ro, Digital LeadPhoto: HotNews.ro (Adi Jacob)
The main ideas of Digital Lead:
- Online stores must display data for 3 types of activities performed: sales of products or services, customer service, and marketing/advertising activities.
- for all 3 types of activities, the online store must answer questions such as: what data it collects, for what purpose, who has access to it, how long it is stored and when it is deleted, how it protects the data (including third parties, e.g. e-commerce platform). Based on them, the data privacy policy will be formulated.
- we are allowed to collect personal data from general categories if we follow the principles (adequate purpose, user information, data security). In the case of data related to health, political orientation, religion, they can be collected only if the online store falls under specific rules set out in the law.
- the GDPR notification must be made before the data is collected (e.g. in the order form, from the first step if the process includes several steps).
- the responsibility before the law and responsibility for the data belongs to the owner of the online store, even if the business operates on an e-commerce platform.
- any internal interaction with the collected data that goes beyond what the online store has defined in the GDPR policy (for example, the access of an employee of a department other than the sales department to customer data) is considered a breach of personal data security. In this case, the online store is obliged to notify Data Protection within 72 hours from the moment it became aware of the violation.
- fines for non-compliance with the GDPR policy range from a warning to 2-4% of turnover. The most common penalties apply to unsolicited commercial messages.
- in 2021, 36 fines were applied for a total of 371,131.95 lei, according to the annual report of the ANSPDCP. There were also 5,006 complaints, reports and security incident reports, and 691 investigations were opened.
See the full interview on StartupCafe.ro.
Source: Hot News
Mary Robinson is a renowned journalist in the field of Automobile. She currently works as a writer at 247 news reel. With a keen eye for detail and a passion for all things Automotive, Mary’s writing provides readers with in-depth analysis and unique perspectives on the latest developments in the field.