What is GDPR?
General Data Privacy Regulations (GDPR) is a set of privacy security standards adopted by EU and is officially in compliance from the 25th of May 2018.
Who does it affect?
It affects all that sells products/services to customers located within the EU, even if the store itself is not located within EU.
What are the penalties for non-compliance?
Organizations can be fined up to 4% of their annual turnover for not being compliance with GDPR. Maximum fine could be €20 Million if it is less than 4% of their annual turnover.
Magento GDPR Compliance Checklist
1. Update Privacy and Terms of Service Information with information that clearly answers to the following:
- What information is being collected?
- Who is collecting it?
- How is it collected?
- Why is it being collected?
- How will it be used?
- Who will it be shared with?
- What will be the effect of this on the individuals concerned?
- Is the intended use likely to cause individuals to object or complain?
- Clear data retention policy statement
2. Cookie consent
Visitors to the website needs to be presented with option to accept or deny the use of cookies.
3. Explicit Opt-In for accepting the sites privacy policy and for any subscriptions during checkout/account creaion.
All opt-ins have to be explicitly selected by the customer, pre-checked boxes or formulations in fine print is NOT allowed.
4. Opt-out available for all subscriptions
All subscriptions and all saved data options must have easy accessible opt-out options.
5. Removal or anonymization of Person data.
There needs to be easy accessible options for customers to request their personal information to be deleted or anonymized.
6. Access to all customer data
Under GDPR customers have the right to request a full copy of all personal ta saved on them in the Magento store.
To make Magento GDPR compliance easier, you can use a Magento GDPR compliance extension:
Magento 2:
GDPR for Magento 2 by Amasty
Lets you create privacy policies, collect users consents for personal data processing, and manage all the privacy issues within a single tool.
- Create and update privacy policy, manage documentation versions
- Collect user consents on the registration and checkout pages
- Manage consents on the customers grid
- Enable customers to download, anonymize, and request to delete their profile data
- Configure the cookie policy bar to inform users or collect consents
- License: Commercial
- Open Source: Yes
GDPR for Magento 2 by Aheadworks
Provides the necessary toolset to comply with some of the most essential GDPR regulations.
- Dedicated functionality allows you to comply with GDPR, specifically the right to be informed, access, erasure, and data portability rights
- Data protection policy consents are collected on registration, checkout, and other pages
- Improved customer accounts allow customers to ask to delete or copy their personal data
- Customer verification mechanism protects data against fraudulent activity
- Extension grids segment customers by their statuses and intentions
- The API provided allows retrieving and deleting data from third-party applications
- License: Commercial
- Open Source: Yes
Magento 1:
GDPR for Magento 1 by Amasty
Lets you create privacy policies, collect users consents for personal data processing, and manage all the privacy issues within a single tool.
- Comply with the EU’s GDPR and various legislative requirements
- Create and update your privacy policy, manage document versions
- Email users about privacy policy updates and ask for consent
- Manage customer consents on the grid
- Allow customers to download, anonymize or request to delete personal data
- Configure the cookie policy bar to inform users or collect consents
- License: Commercial
- Open Source: Yes
Leave a Reply