The General Data Protection Regulation (GDPR) was adopted in 2016 and changes the rules for every business that sells goods or services to customers in the EU, wherever the business itself is located. The regulation gives individuals in the EU control over how their personal data is collected and used by businesses. The EU set the enforcement date at 25 May 2018, so the regulation is now in force. Read this post to the end and you will have a checklist for implementing GDPR in your Magento store in a few steps.
Ignoring GDPR is not an option: the maximum penalty is 20 million euros or 4% of global annual turnover, whichever is higher, which is enough to break a business.
What is GDPR?
According to an official resource:
The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years. After four years of preparation and debate, the GDPR was finally approved by the EU Parliament on 14 April 2016, with an enforcement date of 25 May 2018. The GDPR replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy and to reshape the way organizations across the region approach data privacy.
GDPR also broadens the definition of "personal data": not only the information a customer provides, but also IP addresses, cookie identifiers and anything else that can be related to an identifiable person falls under the law. It also grants EU citizens a new set of "digital rights" governing how their personal data is stored, processed and transferred.
GDPR For Magento Store Customers
GDPR gives every individual the right to know how their information is collected, processed and secured, and how long it is stored on the business's servers. These are the rights every individual has once GDPR is in force:
- Right to know what information a company or individual holds about them.
- Right to know the purpose for which the data is collected, stored and processed.
- Right to know how long the information is stored.
- Right to know who has access to the information and how it is processed.
- Right to obtain a copy of their stored personal data.
- Right to have inaccurate information corrected.
- Right to erasure: an individual can ask you to delete their data when it is no longer needed or the purpose for which it was collected has been fulfilled.
Because individuals now control their own information, they can ask the organization to remove their data, including copies held in backups.
GDPR For Magento Store Owners
To deal with GDPR you must be transparent about how you handle and process personal data, including data shared with the third-party services you use on your platform. Contrary to a common misunderstanding, security is not optional either: GDPR (Article 32) requires you to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
Personal information collected by your store to process orders, such as name, address, country, email and phone number, is covered, together with the cookies and IP addresses used to track customer activity. The law covers not only data saved on your own server but also data hosted on other platforms or shared with third parties. If a customer asks for access to their data, you must respond within one month, in plain, easily understandable language that avoids complicated terms that may confuse the customer. Retain personal information only for as long as you need it.
You must inform customers before collecting their personal information, by putting a notice on the store frontend. The MageComp cookie extension can be used to show such a notice to your store customers.
Likewise, for every extension installed on the store, whether bought from the marketplace or elsewhere, the store owner must know how it uses personal information and whether it sends data to external services.
Magento vs GDPR
Now you are ready to implement GDPR in Magento, and the good news is that Magento is largely prepared for it. Supporting these rights does not require customizing the Magento store or its products. Magento has officially released documentation explaining what personal information the Magento Commerce application stores, where it is stored, and how merchants can assist individuals with the rights given by EU law. Magento also advises every store owner to update their store policies to comply with the law, and has announced further plans, such as database-level encryption, for future updates.
For now, it is advisable to collect only the customer attributes you actually need at account creation and checkout; these attributes can be managed from the store backend. Also note the Persistent Shopping Cart feature, which places a long-term cookie on the shopper's machine that stores the following information:
- Shopping Cart
- Currently Compared Products
- Comparison History
- Recently Viewed Products
- Customer Group Membership and Segmentation
The store owner can turn these features off at the store level, after which the information kept in this cookie is anonymized.
What if I don't implement GDPR?
Under GDPR, if your business fails to comply, regulators can fine it up to 20 million euros or 4% of global annual turnover, whichever is higher. Sounds like a nightmare, right? We advise you to implement GDPR: it may be difficult now, but it gives your customers more control over their data, which makes for happier customers, and it is well worth the effort.
Our GDPR Checklist – 10 Steps to Success.
After a lot of research, we came up with the following points that will help you comply with EU law.
- Move all your tracking scripts to Google Tag Manager so they can be managed from one place.
- Add a cookie compliance toolbar in either the header or the footer of your website.
- Ability to remove personal data on request of the individual.
- Ability for individuals to opt out of any subscription by logging into the My Account section of the store.
- Anonymize personal data that is no longer being used.
- Perform vulnerability scans and penetration tests periodically.
- Grant access to data on request of the individual.
- Encrypt personal data, for example with TLS on the storefront and encryption at rest for the database, using a solution that meets regulatory requirements.
- Notify the supervisory authority within 72 hours of becoming aware of a data breach that is likely to put individuals' rights at risk, and inform the affected individuals when that risk is high.
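The three checklist items about access, removal and anonymization are easier to reason about with a concrete routine. The following is an added example written for this post, not Magento's own code (Magento is PHP and keeps customers and orders in its own database tables); it works on constructed in-memory records whose field names are assumptions chosen to mirror typical checkout fields. It also assumes that orders fall under a statutory retention duty (accounting), which GDPR permits as an exception to erasure, so they are kept but linked to the customer only through a keyed pseudonym; the HMAC key is a placeholder.

```python
"""Added example: handling a GDPR access request and an erasure request.

Illustrative Python over constructed in-memory records, not Magento code.
Field names are assumptions chosen to mirror typical checkout fields.
"""
import hashlib
import hmac
from copy import deepcopy

# Constructed sample data (fictitious customer, not a real person).
CUSTOMERS = {
    1001: {
        "customer_id": 1001,
        "firstname": "Ada",
        "lastname": "Lovelace",
        "email": "ada@example.com",
        "telephone": "+44 20 7946 0000",
        "street": "12 Example Street",
        "city": "London",
        "country_id": "GB",
        "group": "Retail",
        "newsletter": True,
        "last_login_ip": "203.0.113.7",
    },
}
ORDERS = [
    {"order_id": 5001, "customer_id": 1001, "customer_email": "ada@example.com",
     "grand_total": 42.50, "created_at": "2018-05-01", "country_id": "GB"},
    {"order_id": 5002, "customer_id": 1001, "customer_email": "ada@example.com",
     "grand_total": 17.00, "created_at": "2018-05-20", "country_id": "GB"},
    {"order_id": 5003, "customer_id": 1002, "customer_email": "bob@example.org",
     "grand_total": 5.00, "created_at": "2018-05-21", "country_id": "DE"},
]

# Fields that identify a person directly or indirectly. GDPR counts IP
# addresses as personal data, so the login IP is included; country and
# customer group alone do not single out a person and are kept for statistics.
PERSONAL_FIELDS = ("firstname", "lastname", "email", "telephone",
                   "street", "city", "last_login_ip")


def export_customer_data(customer_id, customers=CUSTOMERS, orders=ORDERS):
    """Right of access: return everything held about one customer.

    The caller serialises this (e.g. json.dumps) and sends it to the
    customer after verifying that the requester really is that customer.
    """
    if customer_id not in customers:
        raise KeyError(f"unknown customer {customer_id}")
    return {
        "customer": deepcopy(customers[customer_id]),
        "orders": [deepcopy(o) for o in orders if o["customer_id"] == customer_id],
    }


def pseudonym(value, key):
    """Keyed HMAC-SHA256 token for a value such as an e-mail address.

    Equal inputs give equal tokens, so orders stay joinable, but without the
    key the token cannot be inverted or brute-forced from a list of known
    addresses (a plain unsalted hash could be). While the key exists this is
    pseudonymisation under GDPR; destroying the key makes the data anonymous.
    """
    return hmac.new(key, value.strip().lower().encode(), hashlib.sha256).hexdigest()[:16]


def erase_customer(customer_id, key, customers=CUSTOMERS, orders=ORDERS):
    """Right to erasure: strip identifiers, keep what accounting law still needs.

    Orders are assumed to be under a statutory retention duty (an exception
    GDPR allows), so they are kept but linked only through a pseudonym.
    Returns new objects; the caller writes them back and deletes the originals.
    """
    customer = deepcopy(customers[customer_id])
    token = pseudonym(customer["email"], key)
    placeholder = f"{token}@anonymized.invalid"   # .invalid is a reserved TLD

    for field in PERSONAL_FIELDS:
        customer[field] = None
    customer["firstname"] = customer["lastname"] = "Anonymized"
    customer["email"] = placeholder
    customer["newsletter"] = False                # erasure implies opt-out

    anonymized_orders = []
    for order in orders:
        if order["customer_id"] == customer_id:
            order = deepcopy(order)
            order["customer_email"] = placeholder
            anonymized_orders.append(order)
    return customer, anonymized_orders


if __name__ == "__main__":
    import json
    print(json.dumps(export_customer_data(1001), indent=2, sort_keys=True))
    cust, ords = erase_customer(1001, key=b"store-secret-key")   # placeholder key
    print(cust["email"], [o["order_id"] for o in ords])
```

The key used for the pseudonym belongs with your other secrets, not in the database next to the data it protects; if you later decide the retained orders no longer need to be joinable to anything, deleting that key is what turns pseudonymised records into anonymous ones.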
MageComp Cookie Compliance for Both Magento 1 & 2
Now that you understand GDPR, it is time to get your Magento store ready by integrating the Cookie Compliance Extension and working through the remaining checklist steps. If you still need help with GDPR, comment below, or seek professional advice for the legal procedure.
Also, stay tuned: we will be back with a Magento GDPR Compliance Extension for both Magento 1 and 2.
Lastly, let us know in the comments how you have implemented GDPR on your Magento store.