On May 25, 2018, one of the largest, most comprehensive data privacy laws to date will be in full force.
The General Data Protection Regulation is a new data privacy law that impacts all those who hope to do business by offering goods or services to the citizens of the EU. Conducting your business online means you are likely to have international bidders or spectators in your auctions. Thus, auctioneers should take precautions and be sure they are GDPR compliant. The rules are strict, and the fines are hefty. As such, we put together an introductory guide to help auctioneers understand GDPR and become GDPR compliant.
GDPR In A Nutshell
As the name implies, the General Data Protection Regulation was passed with the intention of protecting consumers’ data by requiring companies to collect data ethically. Specifically, it gives European citizens the right to review, modify, delete, or restrict the way their data is processed. GDPR defines personal data as “any information relating to an identified or identifiable natural person.” These are broad terms, so it’s best to be prepared. An identifiable natural person is an individual who can be identified, directly or indirectly, by reference to an identifier. Identifiers can include names, identification numbers, location data, and online identifiers.
[Infographic: What is personal data under the GDPR, by Jessica Lam of Lawinfographic.com]
Why should I care about GDPR?
As an auctioneer, you do business with all sorts of people from all over. This raises the question: do you know who’s on your mailing lists, your online auctions, or your website? This is such an important question. If you are uncertain, it’s time to take the steps to become GDPR compliant. Infringements can lead to fines of up to 20 million euros ($23.6 million) or 4% of the total worldwide annual turnover of the preceding financial year, whichever is greater. Needless to say, it’s better to be safe than sorry. Here are some common auctioneer practices that could potentially violate the law.
- Compiling information belonging to buyers, sellers, clerks, and spectators.
If you’re auctioning online, it’s safe to say you have a database that contains the names of these individuals along with their addresses, emails, and credit card information. Yes, even usernames and paddle numbers count as unique identifiers.
- Marketing efforts, such as email blasts, analytics, and chat services.
Marketing emails are important tools for any business, whether or not it operates online. You may have obtained these email addresses with the consent of your customers. However, that means nothing under the law unless confirmed consent is acquired. Your website may also collect analytics, and although visitors may never sign a form containing their personal information, you could be collecting such things as IP address, user device, etc. via cookies. This also applies to any information obtained by built-in chat services.
How you can become GDPR compliant
The information the auction house collects and how that information is collected
This is where you should break down the information collected from every part of your site. All of it. Tell those who visit your site why you collect that data. This can mean tracking data used for analytics, cookies that allow the site to remember your users, and personally identifiable information collected when users register for billing purposes. If you share this information in any way with third-party companies, such as a shipping company or an e-mail delivery service that sends out your auction house’s e-mails or e-newsletters, specify that as well. Try to convey all this in terms that an average user would understand.
Their rights concerning collected data
Under the GDPR, users should be in full control of their data. If at any point they wish to review, edit, or redact their information, they need the ability to do so. Most importantly, they must be made aware of this upon the initial data collection.
The site’s email policy
When a user enters their email address anywhere on the site, they must be told how it will be used. After registration, it is likely that the auction house will be sending them transactional emails. In addition, the auction house may be sending them alerts of upcoming auctions, auction closings, or auction extensions. This must be specified. It is also necessary to give them the option to opt out of such emails.
Necessary data for your auction software functionality
Put simply, this is the dawn of a new era in data protection laws. And, daunting as it may seem, many more laws like this will surely follow. As such, we hope you’ve found this a helpful resource to begin preparing for GDPR and the laws that follow.