GDPR Compliance (EU)

This add-on helps you comply with the GDPR, a European Union regulation on personal data processing. The add-on by itself doesn’t guarantee compliance with the GDPR; it only gives you the tools to achieve compliance.

What Is GDPR About?

The General Data Protection Regulation describes how you can acquire, store, and process personal data of citizens and residents of the European Union. Here are some of the important points of the regulation (with references to the GDPR Articles):

  1. In most cases (Article 6) you’ll need explicit permission to collect and use someone’s personal data. You’ll also need proof that such permission was given (Article 7).
  2. When you collect personal data, you need to inform people who you are, why you need their data, how you’ll use it, and more (Article 13).
  3. People have the right to withdraw their consent at any time (Article 7), to request a copy of their personal data (Article 20), and “to be forgotten” (Article 17).
  4. Fines for non-compliance can be up to €20,000,000 or 4% of the company’s total worldwide annual turnover (Article 83).
  5. The regulation applies outside of the European Union as well, as long as you process personal data of EU citizens and residents (Article 3).

We don’t claim to have summarized an 80-page law in one article. But as you can see, these points do affect online stores. For example, when a customer gives you an email address for account registration or newsletter subscription, that counts as personal data processing too.

How Does the Add-on Help to Comply with GDPR?

Tools to Manage Personal Data

  • A tab with all the personal data of a customer that appears on the customer editing page.

  • The ability to export personal data of a customer to an XML file on request.

  • The ability to anonymize a customer, replacing all his or her personal data with randomly-generated information on request.

    Note

    Customers have to request their personal data or anonymization by sending an email to the address you specify in the notices about personal data processing. However, you can make sending a GDPR-related email easier for your customers.

    The personal data of a customer in the admin panel.