If you have not yet heard of the GDPR, then don’t worry. If you’re a PushCommerce customer, we’re here to help you get things sorted.
What is it?
The GDPR is the European Union’s new data privacy law and changes how companies process and use the personal data of European users.
The primary objective of the GDPR is to give control of personal data back to ‘the people’. It requires companies to take steps to help secure personal data and a person’s right of control.
Once the GDPR takes effect, it will reconcile other data protection regulations and acts throughout the EU. It provides individuals with certain rights over their personal data, including a right to access, correct, delete, and restrict processing of their data.
The GDPR will apply to you if you are processing the personal data of European users, e.g. if you store email addresses to send out customer newsletters.
When is it due?
It comes into effect on the 25th May 2018.
What do I need to do?
If you have not already started preparing for the change, then these points may help to get you started:
- Are you registered with the Information Commissioner’s Office?
- Look at how you obtain consent to comply with the GDPR’s requirements.
- How and where will you store this consent?
- How will you fulfil a customer’s right to access, correct, erase, and export their data?
- If you’re using third party applications/companies to support your store, do they comply with GDPR?
- What is your retention period for data? Bear in mind here that local law takes precedence over GDPR, for example in cases of Tax, VAT, etc.
- How will people submit Subject Access Requests to you? And how will you deal with them?
- Ensure your journey to GDPR compliance is well documented; show what you have done and why you believe you are compliant.
What is PushCommerce doing?
We are hard at work to ensure not only that we’re compliant but that your store is too. We’re adding consent boxes for customers on checkout and saving this information in the customer records for you. You’ll also see our GDPR page go up as a help document soon in case you need some assistance.
If you have any specific questions for us, please don’t hesitate to get in touch on firstname.lastname@example.org.
If you would like to find out more, these links may be useful:
Please note that this blog is for informative purposes only, and should not be relied upon as legal advice. We encourage you to work with legal and other professional counsel to determine precisely how the GDPR might apply to your organisation.