Episode 4 – How does GDPR legislation affect online stores?

  1. A few words about the AA Data Box?

AA Data Box was founded out of the passion for data privacy that I share with my partner, lawyer Alis Pătlăgeanu. She is in charge of the legal aspect, while I am in charge of information security and, of course, the management of privacy programs in various businesses and fields.

  2. What does GDPR legislation have to do with online stores?

When we talk about the digital environment, the digital space, and all the different types of businesses involved, we are referring to two different legal frameworks: Regulation 679, also known as the General Data Protection Regulation (GDPR), and the 2002 Directive.

What you should know is that the concept of email marketing does not appear in GDPR.

Instead, the concept of Digital Marketing appears once in Preamble 70, and it is stated very clearly that when personal data are processed for the purpose of Direct Marketing, the user should have the right to object to this type of processing, as well as in the creation of profiles, in the sense of Direct Marketing.

In a nutshell, what actions should operators take? To not process personal data unless they have obtained prior consent. Of course, the operator must take technical and organizational precautions, such as training those who have access to these databases and their email addresses. On the other hand, security measures, including access control mechanisms and, if possible, pseudonyms, must be implemented.

  3. What are the most common scenarios involving GDPR non-compliance?

When we look at the fines imposed by the authority, the first thing that comes to mind is the violation of the data subjects’ rights. That is, if a user requests one of their rights (access, information held by a company, or deletion), we, the company, must set it in motion and respond within 30 days.

Other fines were imposed for failure to comply with Article 32, which deals with the implementation of technical and organizational measures and the security of personal data, as well as for the operators’ failure to comply with the Romanian Supervisory Authority’s requests.

  4. Can fines be imposed on online stores as a result of their customers?

People have begun to understand their rights as a result of GDPR, and they have begun to warn and submit requests to the authorities for any type of irregularity they discover.