As of 25 May 2018, the General Data Protection Regulation (GDPR) will apply in all member states of the European Union and replace the previous regulations on the protection of personal data. German online retailers are also obliged to implement the new directive. According to a recent study by the certification service provider Trusted Shops, however, the e-commerce industry is not yet prepared for this to a large extent.

Working with personal data cut both ways: On the one hand, online retailers want to use the data collected in business operations to gain new knowledge about their customers, and on the other hand, data protection guidelines set clear limits to this intention. The implementation date of the GDPR in May 2018 will change the rules of the game, at least in part. Instead of adapting to the upcoming changes, a large part of the German e-commerce sector reveals serious knowledge gaps in a survey of Trusted Shops.

A third of the retailers surveyed have not yet heard of the GDPR

Thus, only two thirds of the surveyed online retailers (64 percent) have heard of the GDPR so far. As a result, every third retailer is not even aware that data protection regulations will change next year. Accordingly, ignorance of which innovations need to be implemented in practice is widespread. Not even every second online retailer (46 percent) can name the changes affecting him. “In view of these knowledge deficits, it does not seem surprising that two-thirds of the online retailers surveyed have still not made any preparations to adapt the processes to the new requirements – regardless of the decreasing timeframe”, reports Rafael Gomez-Lus, data protection expert at Trusted Shops.

In any case, opinions on the benefits of the GDPR are divided. While 30 percent of the interviewees support the new EU directive, 31 percent are more sceptical. 39 percent have not yet formed an opinion on the new data protection regulations – possibly also because of the above-mentioned knowledge gaps. In view of the implementation of the DSGVO, almost half (48 percent) also anticipate a noticeable increase in expenditure.

“Only just 30 percent of the online retailers surveyed have apparently taken any precautions at all so far. Certainly, this is due to a considerable extent to a lack of knowledge, but also to the complexity of the topic”, explains Gomez-Lus. However, inaction could lead to serious consequences. Finally, the scope of penalties for infringements following the implementation of the GDPR will increase dramatically: up to 20 million euros or 4 percent of the annual worldwide group turnover – whichever is the higher – can be imposed as maximum fines. Therefore online merchants should not lose any time in implementing the regulation.

Image source: Fotolia / tanaonte