In the Administration panel, go to Add-ons → Manage add-ons.
Switch to the Browse all available add-ons tab.
Find the GDPR Compliance (EU) add-on and click Install next to it.
Note
The add-on first appeared in CS-Cart and Multi-Vendor 4.7.4. Our support staff can offer guidance to those who use older versions; for a small fee we can even adapt the add-on for your store. Please contact our technical support via Help Desk for more information.
Once the add-on is installed, click on its name to open the add-on’s settings.
The General tab you’ll find the following settings:
Email for personal data issues—the email address that will be used in the notifications about personal data processing. For example, it could be an email address of the department that handles customers’ requests to export or anonymize their data.
Company name—the company name that will be used in the notifications about personal data processing.
Note
These settings affect only the notifications about personal data processing, and only if the texts of those notifications include the [email]
and [company]
placeholders respectively. Check Step 2 for more information.
Click Save.
The add-on’s settings have the GDPR tab. It contains the list of places where checkboxes for requesting consent will be displayed. For each place, you can choose whether or not you want a checkbox for requesting consent to appear.
Every checkbox for requesting consent is accompanied by a notice about personal data processing. The texts of these notices and checkboxes can be accessed and edited separately from each other. These texts are in fact language variables, so the same rules apply when you translate or edit them.
We tried our best to make the default personal data processing notices as informative as possible. However, we can’t guarantee that they fully comply with the GDPR, especially since the practices regarding personal data differ in every company. That’s why we ask you to review and edit these notices as you and your lawyers see fit.
When you edit these notices, you may add [email]
or [company]
placeholders into the texts. When customers see the text, they’ll see the email address or company name from the add-on’s settings. Change the values in the settings, and you’ll update the email address and/or company name in all the notices simultaneously.
Hint
If you don’t want the notices to be too long, add a link to your Privacy Policy to all of them, and describe everything in the Privacy Policy. However, we can’t guarantee that this practice is GDPR-compliant, so you’d have to consult your lawyer regarding this.
Check the storefront. Make sure that the notices about personal data processing appear in every place where you collect personal data.
For example, the add-on doesn’t automatically add notifications about personal data processing to forms created with Form Builder. That’s because the checkbox can be created via the Form Builder itself.
In that case the consent for personal data processing won’t be stored in the database, but rather in an email you receive, alongside the data that the customer may’ve provided via the form.
Test the workflow of granting consent. Register as a new customer and give consent for personal data processing in various places.
Open your database to see the consent logs in the cscart_gdpr_user_agreements
table.
As an administrator, try exporting personal data and anonymizing a customer.
Note
Customers would have to contact you to request their personal data or anonymization. For example, they can do it via email that you provide in the notices about personal data processing in step 2.
The add-on by itself won’t make you GDPR-compliant. We recommend familiarizing yourself with the GDPR and looking into other measures that you may need to take.
For example, you may want to review and update your legal documents to address the requirements of the GDPR. For your online store, those documents could be:
terms_and_conditions_content
.Questions & Feedback
Have any questions that weren't answered here? Need help with solving a problem in your online store? Want to report a bug in our software? Find out how to contact us.