“Compliance” may not sound exciting, but for ecommerce websites like Amazon, it’s a necessity to sell across state or international lines. Taxation, legal regulations and data privacy must all be properly addressed. Doing otherwise puts the entire business at risk.
Ecommerce compliance refers to how online businesses meet the regulatory requirements of the markets they’re selling in. This includes a broad collection of legal and ethical issues that impact most — or all — parts of the business. It’s vitally important to a company’s long-term success that it meets compliance standards at all times.
Successful compliance programs are never heard from. Failures, however, end up on the front page of the newspaper.
Gartner predicts that in 2023, 75% of consumers around the world will be covered by modern privacy laws, up from 10% in 2020. Data privacy is just one part of the business that must be addressed. There are dozens of others just like it.
The question of compliance impacts anyone who interacts with your company. A failure to meet legal standards may reduce customer confidence in your brand or make vendors less likely to work with you. You may have difficulty hiring top talent.
In the worst cases, your business license may be revoked.
Reaching and maintaining full compliance with all ecommerce-related regulations isn’t optional. It’s a mandatory business need, no matter if you’re running a global enterprise or a small business.
Risks include everything from class action lawsuits to government intervention to even criminal charges in extreme cases. Not properly following laws and regulations can place businesses in great peril.
Failing to meet labor laws may result in significant fines. Not following security standards may result in workplace accidents. Publicly traded companies that don’t meet transparency regulations may be sanctioned.
For ecommerce platforms, properly following all laws and operating ethically is not a choice. It’s a must for maintaining relationships with customers and partners.
Though many industries share common regulations that must be followed, ecommerce does have a few that are more specific to it. Parts of the business like shipping restrictions, customer privacy, international payments and insurance make ecommerce a little more unique than other business types.
The Payment Card Industry (PCI) Data Security Standard (DSS) is a set of commercial security standards for the handling of credit and debit card transactions. These unified industry standards ensure that every sale involving a payment card — whether online, at the point of sale (POS) or over the phone — is conducted with the security of customer data as a priority.
Being PCI compliant doesn’t involve just the actual transaction. Cardholder data must be protected at all times, in transit or at rest. Though this is the overarching intent of PCI DSS, the actual standards are ever evolving, along with the technology they impact.
PCI DSS 4.0 was released in early 2022 and includes 12 specific requirements for compliance, ranging from information security to documentation to threat assessment.
The Children’s Online Privacy Protection Act (COPPA) of 1998 restricts the personal information websites may collect from children under the age of 13. It dictates what must be included in privacy policies, defines when the consent of a parent or guardian must be sought, sets out protections for children online and specifies what can and cannot be marketed to them. Compliance can be burdensome, such that some ecommerce sites avoid products designed for children altogether.
The European Union General Data Protection Regulation (GDPR) regulates the processing of personal data across the EU, and it applies to companies outside the continent that do business in an EU country. It puts stricter regulations on the handling of personal and credit card data.
Though it is a wide-ranging measure, the focus of GDPR is restricting the processing of personal data unless there is a legal basis to do so. This directly impacts companies that make ecommerce sales in the EU.
GDPR was enacted in 2018 and since then several countries and jurisdictions, including some in North America, have used it as a model for their own data protection laws. Most notably, the state of California passed the California Consumer Privacy Act, which shares many similarities with GDPR.
Shipping can quickly become highly complicated, especially as international sales are introduced. Some products, like alcohol, fruits, vegetables and perishables, are normally restricted, by either local laws or the shipping provider itself.
This may impact supply chains or vendor partnerships as well.
Within the United States, sales tax will differ from state to state and must be accurately included in the final charge. Failure to pay sales taxes in the state in which an item is sold comes with financial penalties.
If you sell internationally, the challenge is magnified. Across international borders, there are taxes, tariffs and duties. These are highly complex and difficult to navigate.
Many ecommerce companies use a third party to calculate total shipping costs. BigCommerce leverages simple plugins to automate this process and remove most of the headaches.
Affiliate programs, like marketing agreements between brands and publishers, must meet guidelines around transparency set by the Federal Trade Commission. A common example is a piece in a publication that is designed to look like editorial content but is actually a paid advertisement.
The FTC regulates deceptive practices and imposes penalties for acts it deems misleading.
This is increasingly seen in the influencer marketing space, where YouTubers or social media accounts with large followings may be paid to advertise goods or services. However, they must also clearly state that their video or post includes paid advertisement.
There are legal restrictions over what businesses can say when making public claims, like with marketing messaging. A company that sells mattresses can’t claim that their products will cure diseases, of course. Any public claim must be evidence-based and be able to meet certain legal standards of accuracy.
Ecommerce compliance isn’t something that’s nice to have. It’s something you must have. Staying in the good graces of applicable laws means you’re doing business the right way. It may seem daunting at first, but there are platforms that can bring automation to your efforts and simplify compliance issues.
Regardless, even discounting the risk of non-compliance, showing that you can do business in a proper and ethical way gives you credibility and shows that your company is one that can be trusted.
It’s possible. GDPR applies to organizations that store or process the personal data of EU citizens. If you explicitly do not sell to EU member states, you are unlikely to be subject to GDPR regulations.
However, if you target EU citizens with marketing, translate websites into EU languages or provide pricing in local currency, like the euro, you will fall under the regulations.
That’s difficult to answer because you have to place different values on things that are all important. What’s more important, paying the correct amount of taxes or protecting the data of your customers? They’re both equally important. Being in compliance means following ALL rules and regulations, not just picking and choosing what appears to be the most important.
Maybe. The Americans with Disabilities Act (ADA) requires certain businesses to make accommodations for those with disabilities. For ecommerce companies, this may include making websites accessible for those with impaired vision through assistive technologies.
If your company has at least 15 full-time employees and operates at least 20 hours out of the year, or you provide public accommodation, you are subject to the ADA. This means providing “reasonable accessibility” to those with disabilities.