Ir para o conteúdo principal
Todos os cenários

Online Shop / E-Commerce

Selling online means regulatory obligations stack up fast.

E-commerce sites process payments, ship goods, and handle customer data at scale. This triggers GDPR, ePrivacy, consumer protection law, and potentially NIS2 if you exceed size thresholds.

Verificação da realidade

If a data breach exposed your customer database tomorrow, could you notify the authorities within 72 hours?

GDPR (General Data Protection Regulation)

mandatory Art. 6(1)(b), Art. 20, Art. 33, Art. 35

As suas obrigações

  • Legal basis for order processing (Art. 6(1)(b) contract)
  • Separate consent for marketing beyond order fulfillment
  • Right to data portability for customer data
  • Breach notification within 72 hours (Art. 33)
  • Data retention policy (don't keep data forever)
  • DPAs with payment providers, shipping, analytics

O SiteGuardian monitoriza isto

  • TLS/HTTPS encryption monitoring
  • Automated cookie consent detection
  • Security headers analysis
  • Email transport encryption checks
  • Breach notification SLA tracking (72h)
  • Digital DPA/AVV signing

Risco se ignorado

Fines up to 4% of global turnover. Customer lawsuits. Payment processor sanctions. Loss of merchant account.

ePrivacy Directive (Cookie Consent)

mandatory Art. 5(3)

As suas obrigações

  • Cookie consent for all non-essential cookies
  • Separate consent for remarketing/retargeting
  • No pre-checked consent boxes

O SiteGuardian monitoriza isto

  • Pre-consent cookie and tracker detection
  • Cookie banner presence and configuration analysis
  • Reject option validation
  • Consent mode compatibility check

Risco se ignorado

Advertising spend wasted on non-compliant targeting. Platform bans (Google, Meta) for consent violations.

NIS2 Directive (Cybersecurity)

conditional Art. 21, Art. 23

As suas obrigações

  • Risk management measures (Art. 21)
  • Incident reporting within 24h (Art. 23)
  • Supply chain security assessment
  • Business continuity planning

O SiteGuardian monitoriza isto

  • 24h/72h/1m incident reporting SLA
  • DNSSEC and DNS security monitoring
  • Security headers and TLS enforcement
  • Uptime and availability monitoring
  • Supply chain risk scoring
  • Incident auto-classification (NIS2 Art. 23)

Risco se ignorado

Applies if >50 employees or >€10M turnover. Management liability. Fines up to €10M or 2% of turnover.

European Accessibility Act (EAA)

mandatory Art. 4, Art. 13, Art. 31

As suas obrigações

  • Accessible checkout process
  • Product information in accessible formats
  • Accessible customer service channels

O SiteGuardian monitoriza isto

  • WCAG 2.2 Level AA conformance auditing
  • Automated accessibility scoring
  • Violation severity breakdown and remediation hints
  • Daily accessibility scans

Risco se ignorado

E-commerce services must comply from June 2025. Customers can file complaints with market surveillance.

Isto aplica-se a si?

Se responder sim a 2 ou mais, estes regulamentos muito provavelmente aplicam-se ao seu negócio.

Veja onde está

O nosso scanner gratuito verifica a postura de segurança do seu site, SSL, cabeçalhos, autenticação de e-mail e mais. Sem necessidade de conta.

Scan your shop's security posture
Ver todos os cenários · Diretório regulamentar da UE · Plano Compliance

Esta página fornece informações gerais sobre os quadros regulamentares da UE. Não constitui aconselhamento jurídico. Consulte um profissional jurídico qualificado para obter aconselhamento específico à sua situação. O SiteGuardian documenta a sua monitorização de forma contínua — a conformidade é da responsabilidade da sua organização.