Online Shop / E-Commerce
Selling online means regulatory obligations stack up fast.
E-commerce sites process payments, ship goods, and handle customer data at scale. This triggers GDPR, ePrivacy, consumer protection law, and potentially NIS2 if you exceed size thresholds.
Reality check
If a data breach exposed your customer database tomorrow, could you notify the authorities within 72 hours?
GDPR (General Data Protection Regulation)
Mandatory: Art. 6(1)(b), Art. 20, Art. 33, Art. 35
Your obligations
- Legal basis for order processing (Art. 6(1)(b) contract)
- Separate consent for marketing beyond order fulfillment
- Right to data portability for customer data
- Breach notification within 72 hours (Art. 33)
- Data retention policy (don't keep data forever)
- DPAs with payment providers, shipping, analytics
SiteGuardian monitors this
- TLS/HTTPS encryption monitoring
- Automated cookie consent detection
- Security headers analysis
- Email transport encryption checks
- Breach notification SLA tracking (72h)
- Digital DPA/AVV signing
Risk of non-compliance
Fines up to 4% of global turnover. Customer lawsuits. Payment processor sanctions. Loss of merchant account.
ePrivacy Directive (Cookie Consent)
Mandatory: Art. 5(3)
Your obligations
- Cookie consent for all non-essential cookies
- Separate consent for remarketing/retargeting
- No pre-checked consent boxes
SiteGuardian monitors this
- Pre-consent cookie and tracker detection
- Cookie banner presence and configuration analysis
- Reject option validation
- Consent mode compatibility check
Risk of non-compliance
Advertising spend wasted on non-compliant targeting. Platform bans (Google, Meta) for consent violations.
NIS2 Directive (Cybersecurity)
Conditional: Art. 21, Art. 23
Your obligations
- Risk management measures (Art. 21)
- Incident reporting within 24h (Art. 23)
- Supply chain security assessment
- Business continuity planning
SiteGuardian monitors this
- 24h/72h/1m incident reporting SLA
- DNSSEC and DNS security monitoring
- Security headers and TLS enforcement
- Uptime and availability monitoring
- Supply chain risk scoring
- Incident auto-classification (NIS2 Art. 23)
Risk of non-compliance
Applies if >50 employees or >€10M turnover. Management liability. Fines up to €10M or 2% of turnover.
European Accessibility Act (EAA)
Mandatory: Art. 4, Art. 13, Art. 31
Your obligations
- Accessible checkout process
- Product information in accessible formats
- Accessible customer service channels
SiteGuardian monitors this
- WCAG 2.2 Level AA conformance auditing
- Automated accessibility scoring
- Violation severity breakdown and remediation hints
- Daily accessibility scans
Risk of non-compliance
E-commerce services must comply from June 2025. Customers can file complaints with market surveillance.
Does this apply to you?
If you answer yes to 2 or more, these regulations very probably apply to your business.
See where you stand
Our free scanner checks your site's security posture: SSL, headers, email authentication and more. No account required.
Scan your shop's security posture
This page provides general information on EU regulatory frameworks. It does not constitute legal advice. Consult a qualified legal professional for advice tailored to your situation. SiteGuardian documents your ongoing monitoring; compliance remains the responsibility of your organization.