Confused about GDPR? Ask your questions here!

The GDPR (General Data Protection Regulation) is a new, European-wide law that comes into force on 25th May 2018. It is designed to give people increased protection and control over their data, and place greater obligations on how all organisations, large and small, handle personal data.

As an online seller, you will be collecting data such as a customer’s name, email address or postal address. So even if you just sell a few of your products online, the GDPR applies to you.

Most aspects of the new regulations are best practice so, in many cases, you may already be doing them, but there are other things that you will need to change or document in order to comply.

There are definitely some grey areas and some aspects that are causing confusion, so we thought it would be helpful to have a place where you can ask questions and we will try our best to answer - or direct you to somewhere where you can get more advice. So ask away!

You may also find answers to your questions in our blog post, which has lots of information and useful links http://blog.folksy.com/2018/04/17/gdpr-need-independent-designer-maker

2 Likes

Hi, I’m a very simple seller. I don’t do mail outs etc. as I hate them myself, but I do use PayPal, which keeps customers’ details in my account page. So how do I keep this in line with the GDPR?

That’s a great question. PayPal must also comply with the new regulations, and they are updating their Privacy Policy in May in line with the new regulations > https://www.paypal.com/uk/webapps/mpp/ua/upcoming-policies-full

For your part, you need to keep access to your PayPal account as secure as possible, so the personal data stored on your PayPal account (e.g. customers’ names and addresses) remains confidential. In practice this means just making sure your password is safe, that you don’t access your PayPal account on shared computers (or always log out afterwards) and that if you have the PayPal app installed on your phone or on a tablet, then you need a password or a fingerprint to open your phone.

We are also currently working on a new Seller’s Privacy Policy which will be included on all shops, and this will inform customers that all PayPal transactions are subject to the PayPal Privacy Policy, and likewise with Stripe.

I hope that helps.

5 Likes

Brilliant thank you

I just read the email and blog that you sent…it is a bit of a nightmare scenario isn’t it?
I know you have to “sort of” read between the lines but then I read about the fact that we might have to pay a fee for something…mention of registering, paying, possibly consulting solicitors.
This is going to take away my livelihood …sounds quite horrendous to me. I am not going into panic mode just yet…but creating, painting and crochet is my life and gives me something to dream about each day.
There is no way I can afford fees…padlocked filing cabinets…(a fire in the garden sounds like my best bet…cynical humour there). I am on a low pension and the money I earn from my selling helps towards the bills…I can envisage me sitting here in an armchair with a blanket, staring endlessly out of the window…OK…maybe a bit negative…
I don’t store anything online…the world has gone crazy…(Just MY thoughts!)

I just did the ICO questionnaire online to see if I needed to register and I don’t because I don’t store any data online…but most people I know DO…and they will have to register!!!..I can tear up a piece of paper or burn it…Others that read this…it is worth doing the questionnaire that Folksy sent…just 5 quick questions to answer.

3 Likes

Brenda I had a look at that - you can go through an online question thingy and I came out as not needing to register so don’t panic. I think I am going to have to lock up my humble accounts book even though it just has names and items sold!

Di x

1 Like

I just did it and added to my comment above…x

1 Like

Don’t you have data in your emails though, Brenda?

I suppose I do but it only asked if you stored data…once I have got the details on my laptop, I delete them…I have them written down in a book but can burn that!!

Don’t panic, Brenda!
You don’t need to pay any fees, except if you need to be registered with the ICO, but if you’ve done the questionnaire and it says ‘no’ then that’s fine!
The GDPR is intended to protect people’s personal data and although all businesses do need to comply, I don’t think they’re going to be going after very small independent sellers here. It’s more about doing what you can to ensure you are keeping people’s data safe and protecting their information, and documenting what you do.

2 Likes

I’ve been dealing with this a bit in my ‘real job’. Like said above, they’re not going to be so worried about small online sellers, the data we Folksy sellers have is not what is considered high risk as we’ll generally just have names and addresses. They’re more concerned about places that hold data about people’s financial records, medical info, criminal records, that kind of thing - that’s higher risk, and we’ve had to fill in much more info about those kinds of clients at work than clients where we only hold very basic info. I don’t think any of us here have anything to worry about and certainly wouldn’t need to pay any fees anywhere to comply with these new rules.

3 Likes

Where was the questionnaire that you did?

Do the proof of postage receipts you get from the post office count as keeping personal data? I normally keep them for a few months just in case something happens to the item in transit.

2 Likes

Camilla @folksycontent - is the privacy policy going to be editable, allowing us to tailor it to our own situation? I may be wrong but I believe we have to state what we do with and how we store the data, which may be different for different sellers.

1 Like

I’ve been working on my own privacy policy - Etsy have an example which I’ve been adapting for use on there and on my own website and now this (they have given permission to adapt). Etsy say they’ll let us know where to put our own policies when they’ve allocated a place and I’ve put a slightly shortened version in my T&C on my website (Folksy are the only guidelines I’ve seen that say to put it in the footer of EVERY page but I haven’t a clue how to do that and the web designer is uncooperative) - where do we put it in our Folksy shop?

Folksy sent out an email and I clicked on the Folksy BLOG about it. The link to the ICO questionnaire was on there…hope that helps…it is only 5 questions…easy to answer.

1 Like

I’m confused - are we controllers or processors?

As a one person business you are both the controller and the processor - you decide what is going to happen to the data and then you do it. (You may also have a third party processor, e.g. Mailchimp, but as the controller you have to make sure that what they do on your behalf follows GDPR.)

3 Likes

That makes sense thank you

1 Like