In the first instance, I'm confused with the GDPR/Brexit situation as a new UK online seller (not offering shipping outside of the UK) and I'm confused about what the actual legal ramifications are for such a small time seller generally if something isn't covered in my policy.
Given how every man and his dog seems to have a Shopify store now, I'm surprised there isn't some kind of simple guideline for these business operations which have less complexity than a car boot sale or market stall. I am collecting names, emails and addresses for order purposes like everyone else and then WooCommerce/Paypal is doing the rest, which to be honest remains a bit ambiguous to me. I mean, does anyone really know what Paypal or these eCommerce platforms are doing with data? Do you just need to put their current party line into your policy? Can't I just link to their policies?