The European Union General Data Protection Regulation (GDPR) seems to be the latest buzzword in data protection. The new law went into effect on May 25, 2018, and affects anyone in the European Union. Meaning that even if you’re business is not physically located in Europe, your customers may be. While this new law was put in place to protect citizens of the European Union, the law is having a very global impact. With GDPR, it is required for any eCommerce business doing business overseas to be compliant.
It’s imperative that eCommerce merchants understand what the new GDPR law is and how to be compliant.
What the GDPR is All About
GDPR is all about empowering individuals to maintain control of their data. Explicitly, the law enforces better protection of citizen data in the European Union. GDPR offers transparency for any saved data. With GDPR, customers have ownership of their data and control how and when merchants can use their data. Further, there are three major components to GDPR to understand: consent, transparency, and data security.
Consent involves a more explicit opt-in than what many eCommerce websites offer currently. Pre-checked boxes are not a form of consent when it comes to the GDPR. Further, merchants need an explicit opt-in for all electronic marketing channels including email. Notably, customers can withdraw their consent at any time.
Transparency involves sharing with customers the type of data stored in their name. Customers can submit a subject access request (SAR) at any time to receive this information.
In regards to data security, the goal is to mitigate any data breach. To help mitigate data breach issues, merchants need to take appropriate technical and organizational measures to encrypt data.How GDPR Will Affect Your Magento Store
As a Magento merchant, mainly if you’re located in a country that is apart of the European Union or have customers overseas, GDPR compliance is critical. Notably, non-compliance can lead to fines ranging from 4% of your worldwide annual revenue from the prior year up to 20 Million Euros.
IP Tracking
IP tracking is a component that needs to be a part of GDPR compliance. IP tracking takes the IP address of a visitor to motivate specific actions. IP tracking allows merchants to identify a customer’s location as well as their geographic preferences. Merchants can also tailor specific rules, including the way to provide calls to action and price modifications.
Under GDPR guidelines, before merchants can utilize IP addresses, they need to ask for customer’s permission to do so explicitly. Including permission to collect and store their IP address. Notably, It doesn’t matter what type of web address is used including .co, .de, or .com. Any EU site visitor should be able to accept or reject your IP tracking and checking module.
Personalized Content
Personalized content is another aspect that is going to change. Studies show that customers are more likely to make a purchase when influenced by personalization marketing techniques. For example, if a merchant uses a customer’s name in emails, or the customer receives recommendations based on previous purchases. To provide personalized content, merchants store specific data about customers with tracking cookies. However, GDPR compliance requires merchants to give EU customers a choice of accepting cookies or not. If they choose not to accept the cookies, it prevents the merchant from providing personalizing content to them.
It’s important to examine all of the data collected on your website. If any data is considered irrelevant, don’t ask for it. Fortunately, there are Magento 2 GDPR extensions available that allow merchants to make additional changes to enhance the overall privacy of customer’s data.
Support from Magento on GDPR
Magento currently offers features to assist merchants with GDPR compliance. Magento has made data mappings available for the Magento software so that merchants can identify the location of stored information in Magento. These mappings are available for Magento 1.x and Magento 2.x and cover Magento Commerce cloud, on-premise as well as Magento Open Source.
Also, Magento created a list of third-party subprocessors detailing those service providers that Magento utilizes in the provision of Services to Magento merchants.
For a detailed list of commonly asked questions and answers concerning Magento and GDPR read through this FAQ reference sheet from Magento.
Contact us to learn more about GDPR compliance and changes. Although Magento is complicated, we can assist you every step of the way.