Online Shop / E-Commerce
Selling online means regulatory obligations stack up fast.
E-commerce sites process payments, ship goods, and handle customer data at scale. This triggers GDPR, ePrivacy, consumer protection law, and potentially NIS2 if you exceed size thresholds.
Reality check
If a data breach exposed your customer database tomorrow, could you notify the authorities within 72 hours?
GDPR (General Data Protection Regulation)
mandatory: Art. 6(1)(b), Art. 20, Art. 33, Art. 35
Your obligations
- Legal basis for order processing (Art. 6(1)(b) contract)
- Separate consent for marketing beyond order fulfillment
- Right to data portability for customer data
- Breach notification within 72 hours (Art. 33)
- Data retention policy (don't keep data forever)
- DPAs with payment providers, shipping, analytics
SiteGuardian monitors this
- TLS/HTTPS encryption monitoring
- Automated cookie consent detection
- Security headers analysis
- Email transport encryption checks
- Breach notification SLA tracking (72h)
- Digital DPA/AVV signing
Risk if ignored
Fines up to 4% of global turnover. Customer lawsuits. Payment processor sanctions. Loss of merchant account.
ePrivacy Directive (Cookie Consent)
mandatory: Art. 5(3)
Your obligations
- Cookie consent for all non-essential cookies
- Separate consent for remarketing/retargeting
- No pre-checked consent boxes
SiteGuardian monitors this
- Pre-consent cookie and tracker detection
- Cookie banner presence and configuration analysis
- Reject option validation
- Consent mode compatibility check
Risk if ignored
Advertising spend wasted on non-compliant targeting. Platform bans (Google, Meta) for consent violations.
NIS2 Directive (Cybersecurity)
conditional: Art. 21, Art. 23
Your obligations
- Risk management measures (Art. 21)
- Incident reporting within 24h (Art. 23)
- Supply chain security assessment
- Business continuity planning
SiteGuardian monitors this
- 24h/72h/1-month incident reporting SLA
- DNSSEC and DNS security monitoring
- Security headers and TLS enforcement
- Uptime and availability monitoring
- Supply chain risk scoring
- Incident auto-classification (NIS2 Art. 23)
Risk if ignored
Applies if >50 employees or >€10M turnover. Management liability. Fines up to €10M or 2% of turnover.
European Accessibility Act (EAA)
mandatory: Art. 4, Art. 13, Art. 31
Your obligations
- Accessible checkout process
- Product information in accessible formats
- Accessible customer service channels
SiteGuardian monitors this
- WCAG 2.2 Level AA conformance auditing
- Automated accessibility scoring
- Violation severity breakdown and remediation hints
- Daily accessibility scans
Risk if ignored
E-commerce services must comply from June 2025. Customers can file complaints with market surveillance.
Does this apply to you?
If you answer yes to 2 or more, these regulations very likely apply to your company.
Check where you stand
Our free scanner checks your site's security posture: SSL, headers, email authentication and more. No registration required.
Scan your shop's security posture
This page provides general information about EU regulatory frameworks. It does not constitute legal advice. Consult a qualified lawyer for advice tailored to your situation. SiteGuardian documents your monitoring continuously; compliance is your organization's responsibility.