While the General Data Protection Regulation (GDPR) was ratified in May 2016, it will only be enforced from May 2018 and brings greater responsibilities for ecommerce businesses, irrespective of size, that hold data about EU citizens and visitors.

Personal data is anything that can identify a “natural person” and can include information such as a name, a photo, a physical or email address, shoe size, billing histories and online identifiers such as IP addresses, cookie strings or mobile device IDs. The GDPR will impact any online retail store that collects data sourced from their websites, apps, emails or any other means that results in data being retained in an internal database.