Blog posts tagged data protection

Are you legal and decent?

December 08, 2009 by Chris Barling

Like every area of business these days, there’s lots of red tape and ecommerce has its own rules and regulations. Just remember, though, it’s up to you to comply with the law. Here are my tips to help you ensure your online store meets UK regulations.

1 VAT
If your annual revenue exceeds £68,000 you must be VAT registered. If you're below this threshold, you don't have to worry about charging VAT and it would actually be against the law to do so. There are some finer points to be aware of, too. For instance, if your products are a mixture of those requiring VAT to be charged, and those exempt from VAT, VAT charged on shipping should be in proportion. Make sure your ecommerce solution can handle all of the tax rules.

2 US import rules
The UK is part of the EU, obviously, so we’re bound by its rules. It’s not the same when handling US orders. The individual US states might want to charge tax on sales into their area, but it’s their responsibility to levy this tax. You don’t have to charge this “use tax”, which is between the buyer and the state where they live. As a UK business, you can sell into the US tax free – but you should make your customers aware that they may be charged tax on the goods when they’re imported.

3 EU Distance Selling Directive
Under this Directive, you must provide full contact details – including an address, phone number, email and company and VAT registration numbers – where applicable. Do it anyway – it helps to build trust.

The same Directive dictates that you must accept return of any items purchased within seven working days and failing to inform buyers of their rights has penalties. But why not make this a selling point?

4 Data Protection
You must register with the Information Commissioner’s Office if you hold data on people (eg customers). Registering takes some time and effort, but is inexpensive and fairly straightforward.

5 Email opt-in
If you want to email newsletters or offers to prospective customers, you must gain their consent in the form of a statement that the customers agree to receive communications. You must also give them an option to decline.

Emails involved in fulfilling orders or answering specific sales enquiries do not need this provision. When you send marketing messages there must be a free method of opting out each time you send an email. This itself can be by email. The regulations apply to communications with individuals, not businesses.

6 Disability legislation
Since 2004, by law, businesses have had to take “reasonable” steps to provide access to people with disabilities – and this includes your website. Ensure all images have alternate text tags, so visually impaired people can still navigate your site.

7 Libel on social media
Libel laws also apply to blogs, Twitter, Facebook, etc. Remember also that your words remain on record forever – so think before you type that competitor put-down.

8 PCI DSS
Protecting payment card data is crucial and the banks require compliance under the Payment Card Industry Data Security Standard (PCI DSS). Compliance is compulsory for anyone who accepts and stores debit/credit card details either on computer or on paper. More information on PCI DSS can be found at https://www.pcisecuritystandards.org.

You can meet PCI DSS in one of two ways:

  • Use a payment service provider (PSP) such as PayPal, WorldPay or Actinic Payments (if you use my company’s shopping cart). Your customers and employees only ever enter card details into the site of the PSP. That way, the PSP does most of the worrying about compliance and you are left with some straightforward actions. This is the best option for small retailers.
  • Make your own infrastructure fully compliant. This is a difficult route and for the majority of smaller businesses, achieving proper compliance will probably not be practical or cost-effective. The total one-off cost is likely to exceed £45,000 plus ongoing fees.

9 3D Secure
3D Secure – known as “Verified by Visa” and “Mastercard SecureCode” – is a sort of online chip and PIN system. Online buyers are prompted to enter a password whenever they use their card. The password is sent directly to Visa or Mastercard and they approve the transaction (or decline). This is gradually becoming compulsory and you should consult your bank and PSP on how to comply.

10 Let the world know
Finally, assuming you are legal and decent, let the world know. Anything that adds to your credibility will help you online, so list all of the things that you have done under the heading “We comply with the following legal and tax regulations”.

If you are a start-up, these rules may seem too big a mountain to climb. But there are two things to remember. Firstly, do your best to comply. Secondly, if you’re correctly challenged, then immediately take corrective measures. With the exception of VAT transgressions, in most cases this will be enough to avoid business damage or prosecution.


Is your data up-to-date?

October 19, 2009 by Resonata Consulting

This week I wanted to touch on data cleansing because, in a recession, it is perhaps even more important to keep your data up to date. Many of us are trying to cut costs wherever we can, but we also know when to make the right investments: continuing to speak to our current clients and, on the flip side, acquiring meaningful, thoroughly researched data so that you are speaking to the right companies for the products and/or services you deliver.

Over time, companies collect a significant amount of existing client and new client data. They can have entire databases of lapsed, current and potential client data but it is not necessarily all accurate and actionable data.

Data cleansing is something that should be done at least twice a year (business data often decays at the rate of up to 40% per year). If you want to make the most of your existing client data so you can keep running effective campaigns, it could be time to take a second look at your existing database.

Removing incorrect details can save you time and money when prospecting potential clients, speaking to existing clients or speaking to lapsed clients.

If client data is entered incorrectly, it can cause data headaches at a later date. If that same piece of data is entered differently more than once then the two opposing records can result in an inefficient process, confused and untrusting potential clients and confused sales staff.

If you store data such as physical addresses, phone numbers or email addresses, you need to make sure that the rate of duplication is kept to an absolute minimum – hence my recommendation to cleanse your data at least twice a year, or more if it is in constant use. Precise data is essential to business; incorrect data can very easily impede your otherwise successful sales and marketing campaigns.

So is this the sort of exercise you would like to do in-house?

Some companies do this in-house and we have seen some businesses are very good at this, but it is hard to keep up motivation and salespeople often feel their time could be better spent making money for the company (and themselves!) than cleansing data.

Outsourcing the cleansing of your data is a much more efficient, easy and less costly exercise, and you can get your sales and marketing data in great shape without the headaches of doing it in-house.

Employ a professional organisation to give you a full data audit and you’ll be left with valid, de-duplicated data on prospects that are ready to be engaged. The data cleansing exercise will systematically go through your data and ensure that the records your teams use remain accurate. At the same time, you can unleash a two-pronged attack on your data: cleansing it on the one hand, and using that data to provide new sales and marketing leads for your staff to close on the other.

Matthew Baker, Resonata Data Consultancy
