EBusiness and GDPR – What Should You Know About This Regulation?

GDPR is likely to affect you, even if you are not in the European Union

Do not be fooled – despite the fact that the regulation is linked to the European Union, it will affect businesses around the world. What is the reason? GDPR is designed to protect EU personal data and therefore applies to any organization that processes EU-oriented data, no matter where the organization is.

So, if your company touches at least one European Union personal data, you are responsible for proper data protection.

What is considered to be personal data?

‘Personal data’ is a very broad term, so the regulation is subject to any information that may be used to identify a person in any way, even indirectly. This includes names, email addresses, photos, ID numbers, and financial information. For example, if a customer can create an account in your store or if a customer needs to enter his / her email to place an order. This is considered as personal data.

In addition, information that does not identify a particular person, such as IP address or web cookies, is also considered as personal data.GDPR rules include even if something is remotely related to “physical, psychological, genetic, mental, economic, cultural or social identity” – the regulation says.

For example, companies can only store or process data when the person concerned explicitly allows it, but GDPR additionally sets a solid data retention period. In addition, the law requires companies to delete personal data on demand within 72 hours after the violation has been discovered and to report any data breaches to both public authorities and affected parties. Read more about what personal data is considered personal here.

What should I do before May 25th?

Some points you should think about preparing for the GDPR:

• Do I need to update my privacy policy or change the information you provide to your customers?
• If you use third-party applications or themes in your store, do they match GDPR?
• Do you need to start documented data protection impact assessments?
• Do you need to obtain customer consent for data processing and do you need to change the way your consent is received to meet the terms of the DAR?
• Will you be able to comply with the rights granted to customers and consumers, including access, correction, deletion and export of data?

You may have noticed that we have asked questions that you should ask yourself, not the exact steps. This is because every business is different and you may need to prepare more (or less) for the regulation to come into force than for other e-business owners. You may decide that it is right to consult a lawyer if you are not sure how GDPR will affect your business.

„Magento“ and GDPRBecause Magento Marketplace extensions are created by third parties, you must evaluate all extensions associated with your account. „Magento Marketplace“ extensions can store personal data in other locations than „Magento’s“ main e-commerce platform. Some extensions can send data to external service spheres. It is your responsibility to know the policies and behaviors for using the selected extensions data.