Are you running your own sales platform and looking for information on RODO? The regulation has changed a lot in terms of data protection, but businesses still have trouble implementing the new rules correctly. Don't want this problem to affect you too? Then be sure to check out what we have prepared for you - below you will find answers to the most important questions!
RODO in an online shop - what is it?
The RODO regulation (known in English as the GDPR) was introduced in 2018 by the Parliament and the Council of Europe - it sets out the rules on the processing of personal data within the European Union, which all businesses must comply with. RODO requires us to:
- provide the customer with a set of information about the collection of his or her personal data, e.g. when placing an order or creating an account;
- comply with the principles contained in the regulation, which include: collecting and processing data only for specific, legitimate purposes; retaining customer data only for as long as necessary; applying appropriate safeguards to minimise the risk of leakage of confidential information; maintaining absolute confidentiality - this means protecting data from third parties;
- document the actions taken in relation to the implementation of the RODO principles;
- carry out a broad risk analysis - we need to clearly identify the risks surrounding data processing and the safeguards we will take to avoid leaks.
It is worth mentioning that the provisions of RODO do not prescribe a specific set of documents that must be prepared for a business to be compliant with the regulation. Each entrepreneur is obliged to decide for themselves how to adapt their business to RODO - everything really depends on the type of company, as well as the specifics of its customers.
Adapting your online shop to RODO - where do I start?
At the outset, we need to specify exactly which buyers we are dealing with. This is not a difficult task at all - we simply need to think carefully about what our business involves. In the case of an online shop, we most often collect personal data of consumers during:
- order processing;
- sales on various sites, such as Allegro;
- carrying out marketing and advertising campaigns;
- newsletter mailing;
- bookkeeping.
If you are hiring employees, remember that you are also collecting and processing their data for recruitment and possible hiring purposes. The provisions of RODO go beyond just sales - they apply to the whole company, meaning all the data you process.
Implementation of RODO in an online shop - sample documents
As we mentioned earlier, there is no predefined catalogue of documents that every entrepreneur should prepare. However, an example makes it easier to understand what exactly is involved. In the case of an online shop, the catalogue of documents relating to the RODO regulations should include:
- terms and conditions of the sales platform;
- privacy policy;
- cookie policy;
- security policy;
- the list of persons authorised to process personal data;
- sample forms prepared for buyers - including complaints and withdrawals;
- an information system management manual;
- register of activities carried out in relation to the processing of personal data;
- model declaration of consent to collect and process customer/employee information;
- log of incidents involving personal data breaches.
RODO in practice - what are our obligations under the regulation?
Once we have assembled the catalogue of documents, carried out the risk analysis and put the necessary safeguards in place, there are other important obligations under RODO. These are:
- issuing authorisations for employees with access to customer data;
- signing of entrustment agreements with the companies to which we transfer buyer information;
- informing consumers that we are collecting their personal data - this also applies to places outside the online platform (we have to do this in a brick-and-mortar shop, for example).
RODO-compliant online shop - organise your user data
Before the introduction of the RODO regulation, sales platform owners stored customer data, often without knowing what they would use it for. Therefore, it is important to check carefully whether all the information you are collecting is useful - do the necessary clean-up of your database. Remember that, following the introduction of RODO, you may store only information that is necessary for order processing or other necessary purposes. A tidier database will also certainly make it easier to transfer files to consumers at their request - every customer has the right to make a request for their data. Your shop should be prepared for this.