GDPR Compliance (EU)

Note

This add-on first appeared in CS-Cart and Multi-Vendor 4.7.4. Our support staff can offer guidance to those who use older versions; for a small fee we can even adapt the add-on for your store. Please contact our technical support via Help Desk for more information.

This add-on helps you comply with the GDPR, a European Union regulation on personal data processing. The add-on by itself doesn’t guarantee compliance with the GDPR; it only gives you the tools to achieve compliance.

What Is GDPR About?

The General Data Protection Regulation describes how you can acquire, store, and process personal data of citizens and residents of the European Union. Here are some of the important points of the regulation (with references to the GDPR Articles):

  1. In most cases (Article 6), you’ll need explicit permission to collect and use someone’s personal data. You’ll also need proof that such permission was given (Article 7).
  2. When you collect personal data, you need to inform people who you are, why you need their data, how you’ll use it, and more (Article 13).
  3. People have the right to withdraw their consent at any time (Article 7), to request a copy of their personal data (Article 20), and “to be forgotten” (Article 17).
  4. Fines for non-compliance can be up to €20,000,000 or 4% of the company’s total worldwide annual turnover (Article 83).
  5. The regulation applies outside of the European Union as well, as long as you process personal data of EU citizens and residents (Article 3).

We don’t claim to have summarized an 80-page law in one article. But as you can see, these points do affect online stores. For example, when a customer gives you an email address for account registration or newsletter subscription, that counts as personal data processing too.

How Does the Add-on Help to Comply with GDPR?

Tools to Manage Personal Data

  • A tab with all the personal data of a customer that appears on the customer editing page.

  • The ability to export personal data of a customer to an XML file on request.

  • The ability to anonymize a customer on request, replacing all of his or her personal data with randomly generated information.

    Note

    Customers can contact you to request a copy of their data or to ask to be anonymized. For example, they can do it via the email address you provide in the notices about personal data processing.

    The personal data of a customer in the admin panel.