What is essential for any merchant to know about GDPR compliance?
- It doesn’t matter whether you are located in the EU or any other part of the world: if you handle the personal data of at least one individual from the EU, your shop should be GDPR compliant. It is not about where the store is, it is about the customer’s protection.
- GDPR has a broad definition of personal data: it is not only about names, ID numbers or email addresses, but also financial information, IP addresses and social network posts. In short, if any information relates to a person’s identity, it falls under GDPR.
- Your shop can store or process the data only if the person gave consent for that; the data still must be deleted upon request, and data breaches must be reported to the authorities and to the persons affected within 3 days of discovery.
To make sure your web store is GDPR compliant you will need to review all the extensions you have: being developed by third parties, extensions may store or send information to locations other than Magento itself.
Thus, to confirm GDPR compliance, you need to review all contracts with the third parties and consult a legal counsel.
The next steps will make it easy to get your Magento shop GDPR compliant:
- Install the EU Cookie Law Compliance Magento module:
Magento 2 – https://marketplace.magento.com/wapone-module-cookie-notification.html
Magento 1 – https://www.magecloud.net/marketplace/extension/eu-cookie-law-compliance-3/
- Update the pages and the terms and conditions to inform visitors that your webshop processes personal data and stores cookie files.
- Point out that a person can get more information or accept the conditions.
- To subscribe to your newsletter, your customer should tick a checkbox. There should be separate consent forms on your website for subscribing to your newsletter, accepting the terms and conditions, and consenting to other ways of using data.
- A “Newsletter Subscriptions” option should be added to your customer’s account.
Other things that are nice to do
You need to make it transparent for your customers, letting them know what their information will be used for and how long it will be stored by the system.
There is also a need to update the terms and conditions on your website to reflect GDPR terminology.
So, getting your Magento webstore GDPR compliant is easy though essential; please contact our experts at firstname.lastname@example.org to sort this out for you.