The EU’s General Data Protection Regulation (GDPR) (or "Die Datenschutz-Grundverordnung" - DSGVO - in German) comes into effect 25 May 2018. But what does this mean for your Shopify e-commerce business?
What is the GDPR?
The GDPR will force any company in the European Union, and those who do business inside the EU, to comply with strict new rules regarding the collection, storage and use of customer data.
The GDPR places equal gravitas on all forms of customer data: photos, social media posts, IP addresses, bank details and any identifying numbers such as NI or SSNs. All customer data regardless of origin should be opt-in only, stored securely and used only with the customer's permission.
However, the GDPR rules are not set in stone. They have asked for a “reasonable” level of security to be provided, leaving a grey area as to if social media data should be treated the same as bank credentials. One thing is clear, users must give clear opt-in consent for their data to be stored and used in any way. Pre-filled consent checkboxes and consent hidden in long T&C's will be a thing of the past.
What has Shopify already done to prepare for the GDPR?
- They have updated their Terms of Service (TOS) for all merchants to automatically include a Data Processing Addendum governing how Shopify processes the personal data of European customers. More info here.
- They have updated their marketing opt-in to allow merchants to set it up as unchecked for their store, and also allowed merchants to tie abandoned cart notifications to whether the customer has opted into marketing. More info here.
- They've prepared a white-paper to explain how they are approaching certain legal requirements under the GDPR. Download their PDF info here.
Shopify has also rolled out a feature that allows you to request that individual customer records be deleted. Additionally, you can request all of the information Shopify has collected about a certain customer. Both features you can find on each customer's profile in Shopify (see screenshot below). When you request that individual customer records be deleted, Shopify will also be propagating these requests to the relevant apps you have installed on your store.
If you have further questions or if you need help on your Shopify journey just send us a email or leave a comment below.