Preparing your CoreCommerce store for GDPR
The General Data Protection Regulation (GDPR), which comes into force on May 25th, 2018, aims to protect the fundamental right to privacy and the protection of personal data of European Union (EU) citizens. GDPR also addresses the export of personal data outside the EU. All companies processing and holding personal data of EU citizens, regardless of location, are subject to GDPR. Any entity (including websites) that processes EU citizens' personal data, markets in the EU, or has site visitors from the EU is affected by this regulation, whether or not you or your business is located in the EU.
What changes have been made to the Admin system for GDPR?
Data retrieval and erase features
Under GDPR, your clients will have the ability to download and view the personal data you have collected on them. This is found under the My Account login section of your website hosted by CoreCommerce. A consumer can also delete the personal information you have about them.
You as the store owner have the ability to click on any customer and retrieve, download and send information to your customers. Choose any customer by name and you have the new EU options in the black and red boxes.
Another tenet of GDPR is the ability to edit and correct the personal information on your customers. Our Admin customer tab already allows you to view and edit customer data.
What happens to the order history once a customer's personal information has been deleted?
The CoreCommerce system will retain the order information and replace the name and address information with generic data, such as GDPR customer 1, 2, 3, etc. This way your order history, sales data and other company-related information remain correct. All that we change is the name of the customer, which becomes an unidentifiable entity.
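The erase-but-keep-orders behaviour described above, sketched as an added example (this is not CoreCommerce code). The table layout, column names, the `[erased]` address placeholder and the functions `build_sample_db`, `erase_customer` and `sales_total` are assumptions made for illustration, and all records are constructed sample data.

```python
import sqlite3

# Hypothetical schema (an assumption; the platform's real tables are not shown on this page).
SCHEMA = """
CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT, address TEXT,
                        erased_seq INTEGER);
CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_id INTEGER, total_cents INTEGER,
                     ship_name TEXT, ship_address TEXT);
"""

def build_sample_db():
    """Constructed sample data, not real store records."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO customers VALUES (?,?,?,?,NULL)", [
        (1, "Anna Example", "anna@example.com", "1 Sample Str, Berlin"),
        (2, "Ben Example", "ben@example.com", "2 Sample Rd, Lyon"),
    ])
    db.executemany("INSERT INTO orders VALUES (?,?,?,?,?)", [
        (100, 1, 2500, "Anna Example", "1 Sample Str, Berlin"),
        (101, 1, 1200, "Anna Example", "1 Sample Str, Berlin"),
        (102, 2, 900, "Ben Example", "2 Sample Rd, Lyon"),
    ])
    db.commit()
    return db

def erase_customer(db, customer_id):
    """Replace personal fields with a generic label; keep order rows and totals."""
    with db:  # one transaction: every copy of the data is scrubbed, or none is
        row = db.execute("SELECT erased_seq FROM customers WHERE id=?", (customer_id,)).fetchone()
        if row is None:
            raise KeyError(customer_id)
        seq = row[0]
        if seq is None:  # first erasure: take the next number; repeat calls reuse it
            seq = db.execute("SELECT COALESCE(MAX(erased_seq),0)+1 FROM customers").fetchone()[0]
        label = f"GDPR customer {seq}"
        db.execute("UPDATE customers SET name=?, email=NULL, address='[erased]', erased_seq=?"
                   " WHERE id=?", (label, seq, customer_id))
        # Orders often carry their own copy of the name and address; scrub those too.
        db.execute("UPDATE orders SET ship_name=?, ship_address='[erased]'"
                   " WHERE customer_id=?", (label, customer_id))
    return label

def sales_total(db):
    """Sales figure that must be unchanged by erasure."""
    return db.execute("SELECT SUM(total_cents) FROM orders").fetchone()[0]
```

A useful check after any erasure is to search every table that stores a copy of customer details (orders, invoices, exports) for the old name or address, since a copy left in an order row would still identify the person.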
Cookies Notification Bar
Visitors to your website will be prompted to acknowledge that cookies are used on your site. This prompt only occurs once and, if clicked, does not appear to your visitors again. To turn this notification on, go to the top right of your Admin home screen and choose the Settings gear icon > Store Settings > Localization.
To enable a cookies notification bar on your homepage header, enable this slider.
The notification bar will look like this line below:
Helpful Information related to GDPR
GDPR gives people the right to access, correct, delete, and restrict processing of their data, and sets out strict guidelines about how you need to get customers to agree that you can use their data (aka, consent). This is especially important if you're using your customers’ data for purposes beyond simply filling orders, like for marketing or advertising.
GDPR also makes it the merchant's responsibility to protect that data (even if you’re using a processor like CoreCommerce to actually store that data), and to make sure that your customers and website visitors can exercise all the rights they now have.
What is personal info? If you collect or store any information that can be linked to an individual, that counts as personal data. Examples include name, phone, email, location data, IP address, and online identifiers such as "cookies".
Things to ask yourself:
If you’re using third-party applications or themes to support your store, do those apps or themes comply with GDPR? Sending marketing campaigns requires consent from your site visitors. If you're using our newsletters, MailChimp, Constant Contact or any other email marketing tools, this applies to you. While it is not obligatory under the GDPR when sending marketing emails to your own existing customers, you may request 'explicit consent' from your site visitors before sending them any marketing materials. In many cases, this can be accomplished by a check box next to your 'Subscribe' button, obliging your site visitors to check the box and confirm consent before subscribing to the newsletter.
Another reference point for more information and to familiarize yourself with the policies is GDPRandYou.
Will every customer be able to delete their data inside their account? No, only customers from the EU will see the GDPR buttons in their account and only they have the ability to download data about themselves and erase their data.
Does the ability to delete customer info apply only to those customers with an EU address or IP? Regardless of country, you as the Admin can erase any customer's data.
The "cookies" notice... is that by EU IP address or to everyone? It is displayed to everyone, but once they click "I understand" it goes away permanently.
Please contact us at firstname.lastname@example.org or start a chat with us if you have any questions about our GDPR strategy.