Logo for obvy's magazine for professionals

The media for online payments and transactions

GDPR: What Is the Impact on Your Marketplace?

With the General Data Protection Regulation (GDPR) coming into force in 2018, the digital landscape has undergone significant changes. For marketplaces, the regulation introduced new responsibilities regarding the collection, storage and processing of users' personal data. Marketplaces, as online platforms for sellers and buyers to interact, are subject to specific obligations under the GDPR. Data protection practices are stricter than ever.

What is the GDPR?

The GDPR is a European Union regulation aimed at protecting the privacy and personal data of Europeans. The GDPR meaning the General Data Protection Regulation officially is called EU Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016 relating to data protection.

Why can collecting data be useful for a marketplace?

Applying the GDPR in an electronic marketplace requires a systematic approach and a series of specific measures. First of all, it is important to identify the personal data that your marketplace can collect, process and store. This may include :

  • Last name First Name
  • E-mail address
  • Address
  • Phone number
  • Purchase history

The purpose of collecting this data is to improve the user experience and operations management. Thanks to the collection of data on your marketplace, you will be able to:

  • Personalize the user experience by recommending suitable products or services (using purchase history);
  • Propose new offers, promotions and platform news;
  • Analyze transactions and understand the types of needs of your customers then adapt your offer accordingly;
  • Identify market trends and remain competitive based on demand;
  • Know the preferences and needs of your users;

 

GDPR has transformed the way online platforms can handle users' personal data, prompting them to implement stronger data protection policies and practices than ever before.

Explicit consent and transparency: the keys to data collection

One of the main obligations of the GDPR is to ensure that data collection is based on the explicit consent of the user. Marketplaces are required to request clear and specific authorization from users, such as through cookie management mechanisms. Indeed, the latter fully fall within the scope of the GDPR.

Cookies, widely used on commercial sites, are an integral part of the data collection process. They are used to track user browsing and provide targeted advertising: they must comply with data protection rules. In order to be fully compliant with the GDPR, you must ensure that the cookies policy put in place is clear and easily accessible.

Your duty is to inform your users that some of their data may be collected, to explain to them the purpose of this collection as well as how their data will be used in a transparent manner.

In addition to the cookie management tool, the marketplace must remain completely clear on how it operates. This means that you must provide detailed information about the data processing practice and be completely transparent to your users.

Ensure the security of your users’ sensitive data: a top priority

This may seem like a no-brainer, but safety is arguably the most important thing. Collecting data can be an interesting process, but it is essential to always keep in mind that users share sensitive information on your marketplace, such as their banking information. In this context, environmental security is of paramount importance.

Users show great trust by sharing their personal data on your marketplace, which must ensure that user data will be correctly processed, while respecting their privacy. Failure to respect this can damage the relationship of trust towards your website.

The e-reputation of your marketplace will build loyalty among your users and encourage sellers to go specifically to your website.

We have also written an article which shares the anti-fraud measures necessary for peer-to-peer marketplaces which we invite you to read.

The right to erasure, a GDPR obligation

Also known as the "right to be forgotten", the right to erasure gives users the possibility of requesting the erasure of their personal data. Marketplaces must put in place regulatory processes to respond to this request because they can request the deletion of their personal data.

The GDPR also gives users the right to data portability. This means that they can request that their personal data be transferred to another service if necessary.

In the event of non-compliance with the GDPR, the European Union Regulation provides for considerable financial penalties. You must take these obligations seriously to avoid significant fines.

Fines for GDPR non-compliance can reach up to 4% of a company's global annual turnover or €20 million, whichever is greater.

GDPR compliance challenges for marketplaces: limited resources

Compliance with the General Data Protection Regulation (GDPR) represents a significant challenge for a marketplace, especially when its resources are limited. In an ever-changing business environment, ensuring consumer privacy is protected while complying with legal obligations can be complex and costly for your site.

One of the main concerns when complying with GDPR is the appointment of a Data Protection Officer (DPO). A DPO is a specialist data protection professional who oversees the company's compliance with data protection regulations. However, hiring or appointing a DPO can represent a considerable financial investment.

Although the cost of a DPO can be a challenge, there are some options:

  • Outsource the DPO: call on an external consultant
  • Set up internal training: if you have internal resources, it is possible to train a team member to take on the role of DPO. This requires extensive training
  • Invest in a technology solution: this option can simplify your data management and automate certain aspects of compliance

Although GDPR compliance can be seen as a challenge, it is essential to ensure the protection of your users' data. Respecting these rules is a guarantee of confidence for its consumers. The GDPR is not just a legal obligation, it also allows you to create a lasting relationship with your customers.

Obvy, a complete solution for managing your online transactions

GDPR has created an environment where data protection is not only a necessity, but also an added value for marketplaces.

Obvy offers an all-in-one solution for online goods and services sales platforms, whether e-commerce sites, marketplaces, software publishers, etc.

With Obvy, you benefit from all the most popular services and payment methods to collect and pay, in a highly secure environment.

However, Obvy doesn’t stop there!

Obvy provides a multitude of turnkey services and functionalities (payment, delivery, security, user and transaction management platform, dispute resolution, promotional campaigns, etc.) which allow you to manage all of your transactions, from placing a product on sale upon payment and delivery of goods or services.

This way, you avoid the challenges related to transaction management while relying on a global solution capable of guaranteeing a high level of customization, compatibility with your activity, an optimal user experience, and scalability that will allow you to explore new growth levers.