Share Image

GDPR and Bunting: What You Need to Know

Posted on Categories Bunting, Ecommerce, GDPR, Marketing, Website PersonalizationTags ,

25th May 2018 will no doubt be marked in the diaries of many a marketer.

It’s the date that General Data Protection Regulation (GDPR) comes into force, and all companies using EU citizens’ data need to comply. The new law regulates how businesses collect, use and protect the personal data of consumers, and hefty fines will hit those who don’t adhere.

Superseding the old Data Protection Act, the GDPR applies to personal data – and this time the definition is broader, referring to any data that can be used to identify an individual, including IP address.

We’re GDPR compliant

At Bunting, we use on-site shopping and behavioural data to personalize and improve the customer experience on websites. The majority of this data is not personal, but we do sometimes process a small amount of personal data such as email addresses. We only collect data that is necessary to perform the function of the tool.

Since last year, we’ve been preparing for the new regulation and working with our data protection lawyers. We’re fully GDPR compliant, having changed our internal processes as well as making important changes to the Bunting tool.

In our view, GDPR is a good thing, and has been worth the effort. It will allow consumers to control the usage of their personal data, meaning more rights that will force better practice in the industry. 

GDPR will put pressure on marketers to make their communications truly relevant, and, importantly, to get consent when necessary. Pre-ticked boxes will be a thing of the past as consumers can actively choose which marketing communications they want to receive.

What do companies need to do?

We recommend working with data protection legal professionals to do a full audit of the data flows within your organisation.  The ICO has some very clear guidance to follow on what you need to do.

Importantly, you’ll need to document how you comply with the GDPR, and you must establish your legal basis for using personal data. In some cases you’ll always need to rely on consent (such as email communications); in others, you may be able to rely on legitimate interests. 

From an ecommerce perspective, you must display a clear privacy notice detailing how and why you collect personal data. GDPR states it should be concise, written in clear and simple language, and easily accessible. Gone are the days of convoluted small print!

Check with your vendors

Bunting will be amending existing contracts with customers to include GDPR clauses, and Bunting users can find out here how to comply when using the Bunting tool. We recommend speaking to your vendors to ensure they are compliant, too, and get it in writing.

Amend your processes


You’ll need to make sure you’re compliant with the 8 Rights of Individuals under the GDPR – such as the right to access or rectify personal data. If you’re a Bunting customer, you’ll be able to implement your customers’ rights easily through the Bunting platform. Find out more about how to comply with the 8 rights here.

Get in touch…

While GDPR no doubt brings challenges, we do believe this to be a turning point in the industry which will ultimately lead to better, more focused marketing.

The Bunting team are happy to help with any of your questions. Contact us at gdpr [at] bunting [dot] com