Imagine you are looking to buy a new barbeque online. You find one you want, and the website looks the part, but the identity of the business is completely hidden, as is its location, how to contact them directly, and what they do with your information. This lack of transparency is a red flag: the site may be dubious from an information security standpoint. Don’t allow your website to present your business in this way.
The European Union General Data Protection Regulation (the GDPR) is a series of information protection requirements. This European standard applies to any Australian business that does business with consumers in the EU. The GDPR has a lot of similarities with the Australian Privacy Act 1988, but there are a few differences (e.g. the ‘right to be forgotten’ and the requirement to allow visitors to opt out of tracking cookies). Decide whether the GDPR applies to your business, so you’ll know if you need to comply with its data handling practices, which are more extensive than your obligations under the Australian legislation.
Provide clarity for your customers on what you do with their information, how it is stored, and how long it is retained. For example, state that you use the address and phone number for shipping purposes, or that cookies are used for advertising to the customer in their web browser in the future. Customers will also want to be certain that information will not be shared with third parties.