Preparing your CoreCommerce store for GDPR

The General Data Protection Regulation (GDPR), which comes into force on May 25th, 2018, aims to protect the fundamental right to privacy and the protection of personal data of European Union (EU) citizens. GDPR also addresses the export of personal data outside the EU. All companies processing and holding personal data of EU citizens, regardless of location, are subject to GDPR. Any entity (including websites) that processes EU citizens' personal data, markets in the EU, has site visitors from the EU, whether or not you or your business is located in the EU, is affected by this regulation.

CoreCommerce has made modifications to its Admin system which can be seen below and we have also updated our privacy policy to accommodate and comply with GDPR for our site visitors and clients from the EU.

What changes have been made to the Admin system for GDPR?

Data retrieval and erase features

Under GDPR, your clients will have the ability to download and view the personal data you have collected on them. This is found under the My Account login section of your website hosted by CoreCommerce. A consumer can also delete the personal information you have about them.

You as the store owner have the ability to click on any customer and retrieve, download and send information to your customers. Choose any customer by name and you have have the new EU options in the black and red boxes.

Data Correction

Another tenet of GDPR is the ability to edit and correct the personal information on your customers. Our Admin customer tab already allows you to view and edit customer data.

What happens to the order history once a customer's personal information has been deleted?

The CoreCommerce system will retain the order information and replace the name and address information with generic data, such as GDPR customer 1, 2, 3, etc. This way your order history, sales data and other company related information remains correct, all that we change is the name of the customer to the unidentifiable entity.

Cookies Notification Bar

Visitors to your website will be prompted to acknowledge that cookies are used on your site.  This prompt only occurs once and if clicked, does not appear to your visitors again. To turn this notification on, go to the top right of your Admin home screen, choose the Settings gear icon > Store Settings > Localization

To enable a cookies notification bar on your homepage header, enable this slider.

The notification bar will look like this line below:

Helpful Information related to GDPR

  • GDPR gives people the right to access, correct, delete, and restrict processing of their data, and sets out strict guidelines about how you need to get customers to agree that you can use their data (aka, consent). This is especially important if you're using your customers’ data for purposes beyond simply filling orders, like for marketing or advertising.

  • GDPR also makes it the merchant responsibility to protect that data (even if you’re using a processor like CoreCommerce to actually store that data), and to make sure that your customers and website visitors can exercise all the rights they now have.

  • What is personal info? If you collect or store any information that can be linked to an individual, that counts as personal data. Name, phone, email, location data, IP address, online Identifier such as "cookies".

  • Things to ask yourself:

    • Do you need to update your privacy policy, or change the disclosures you make to your customers?

    • If you’re using third-party applications or themes to support your store, do those apps or themes comply with GDPR? Sending marketing campaigns requires consent from your site visitors. If you're using our newsletters, MailChimp, Constant Contact or any other email marketing tools, this applies to you. While it is not obligatory under the GDPR when sending marketing emails to your own existing customers, you may request 'explicit consent' from your site visitors before sending them any marketing materials. In many cases, this can be accomplished by a check box next to your 'Subscribe' button, obliging your site visitors to check the box and confirm consent before subscribing to the newsletter.

  • Another reference point for more information and to familiarize yourself with the policies is GDPRandYou.

  • FAQ

    • Will every customer be able to delete their data inside their account? No, only customers from      the EU will see the GDPR buttons in their account and only they have the ability to download data about themselves and erase their data.

    • Does the ability to delete customer info apply only to those customers with an EU address or IP?  Regardless of country, you as the Admin can erase any customer's data.

    • The "cookies" notice... is that by EU IP address or to everyone? It is displayed to everyone - but once they click "I understand" it goes away permanently

Please contact us at or start a chat with us if you have any questions about our GDPR strategy.