EU/UK buyers expect real GDPR programs — not footer boilerplate. Privacy, cookie consent, retention, and minimal RFQ fields pair with payment compliance for Online Trade.
Must-haves
- Privacy policy: controller, purposes, legal basis, transfers, DPO contact
- Cookie banner with categories; block non-essential until consent
- Terms/refunds for commerce; RFQ consent checkbox
- GA4 consent mode per attribution guide
Data minimization
Collect only quote-ready fields; define log retention; align forms with RFQ design and localization. Templates are available on Online Trade and Mall RFQ, and legal copy is available via inquiry.
Implementation checklist
- Privacy policy dated and reachable
- EU IP banner tested
- No non-essential cookies pre-consent
- DSAR/delete process documented
- Consent auditable on RFQ
Deep dive
EU buyers audit forms: privacy policy, cookie categories, retention, DSAR workflows. Templates copied without editing company details fail audits. Minimize RFQ fields; gate analytics behind consent using GA4 consent mode.
A 72-hour DSAR response is good practice even when not strictly mandated for all SMEs.
Plans & conversion
EU copy packs on Online Trade; RFQ privacy on Mall RFQ. Request policy review.
Extended FAQ
Q: UK GDPR?
A: Parallel UK rules apply post-Brexit.
Q: Data in China?
A: SCCs and legal review are advised.