What Amazon Sellers Need to Know About GDPR Compliance

Unbeknownst to me, my friend Paul O’Mahony ran a GDPR compliance webinar this past Sunday, and I just got my hands on the recording.

The recording link below is not an affiliate link. It points to a BASIC explanation of what GDPR entails, with two case studies of the impact of GDPR on companies like yours.

I am not suggesting that you buy Paul’s training. I have not seen the training content nor can I vouch for the quality or completeness of it – although I can vouch for Paul’s honesty and integrity.

What I AM suggesting, though, is that you watch the video up to its 01:05:00 mark (after that, the sales pitch for the training begins).

GDPR Applies to YOU!

Again, I remind you that compliance with GDPR is required of ANY company, no matter how small, that trades with EU nationals anywhere within the EU.

Yes, that means you, even if you are based in the US, Canada, Israel, China … and of course, if you live in the EU.

So, even after spending the last 3-4 months deeply embroiled in the GDPR compliance implementation for SL, after watching this video, I STILL managed to learn a few more things that I did not know.

GDPR Compliance Requirements

  • There is a MANDATORY requirement to register with the UK Information Commission office (or the equivalent in any EU member state). If you register before May 25, you pay the standard registration fee, which is a flat £35/year. After the 25th, the registration fee will be based on the size/type of business, and the fee can run into the thousands of GBP.
  • Wait for this one … You have an obligation to vet your affiliates and make sure they are GDPR compliant!! For us, that means we will simply be shutting down our affiliate program. It is simply too risky/onerous to have affiliate deals as there is no way we can ascertain their level of compliance.
  • And the next one is a pain in the neck, but luckily, we at SL are close to having this one nailed: You have an obligation to vet that your VAs are equally GDPR compliant.

And there are a few I’ll throw in for good measure, which aren’t discussed in the video below, but which are worth alerting you to:

  • If you are trading in the EU and are not located in the EU, you have an obligation to hire a data privacy representative to handle your interactions with the regulators.
  • If you have a significant volume of EU buyers, you may need to appoint a Data Protection Officer to keep you compliant. Because that person needs to be independent, the DPO cannot be you as the owner of the company. In our case at SL, that means we need to hire someone to perform that task.

Here is the video link:


The recording will expire in a bit more than a couple of days. Up until the 01:05:00 mark, it is a public information service free of sales pitches.