Tuesday, April 10, 2018

GDPR eCommerce Websites: What You Need To Do

By: Danny Randon

The General Data Protection Regulation – commonly known as GDPR – comes into effect on May 25th, 2018. The European Union is enacting a set of strict laws to protect privacy across the EU.

Matt Hancock, the UK government’s secretary of state for digital, culture, media and sport, has said that the measures ‘are designed to support businesses in their use of data, and give consumers the confidence that their data is protected and those who misuse it will be held to account’.

The Digital Guardian has added: ‘All organisations, including small to medium-sized companies and large enterprises, must be aware of all GDPR requirements and be prepared to comply by May 2018.’

eCommerce websites will be significantly impacted by GDPR, so here’s what the top eCommerce platforms (Magento, Shopify, BigCommerce, WooCommerce and PrestaShop) are doing to get themselves ready for the new changes, and how those changes will affect not only the services they provide, but their customers too.

Magento and GDPR

Magento has been working hard to ensure that it is prepared for the GDPR changes by proactively probing and revising its policies, contracts and processes with regard to privacy and data protection. The platform has also been evaluating its products to help customers find out exactly what data is being retained by the platform and where it is being kept.

Magento is advising its customers to review any extensions that are linked with their accounts, because Magento extensions are augmented by third parties. In order to be fully GDPR-compliant, customers are also encouraged to check all of their services and contracts linked to third-party organisations.

Shopify and GDPR

Like Magento, Shopify has also reviewed how GDPR affects its platform. It has disclosed that its services will not be altered; however, the way that these services are provided will be different.

Shopify will be affected by GDPR in three ways:

1. Its privacy team will be re-organised to adequately document and keep a record of the privacy-related decisions made by the platform, so that it will be fully accountable for its privacy practices.
2. Shopify will have to make and receive confirmed contractual commitments with its merchants when using a third-party subprocessor to provide its services.
3. The platform will have to ensure that it is able to heed the rights of all European merchants and customers when it comes to their personal data.

WooCommerce and GDPR

WooCommerce has been heavily discussing the oncoming effects of GDPR over the last few months. To help its customers get ready for GDPR, WooCommerce has provided information about the new rules, alongside WooCommerce GDPR plans.

WooCommerce will be obligated to tell users what the platform is, why it is collecting data, who will receive the data and for how long. It has also been informed that it has to get clear consent before receiving any data, and let WooCommerce users access or delete data too. Customers will also have to be informed if data breaches occur.

WooCommerce has also recommended that its shop owners find out what they need to do to be GDPR-compliant, as there isn’t a one-size-fits-all approach.

BigCommerce and GDPR

BigCommerce says that it is ‘working hard to meet and exceed the privacy standards required by the GDPR’. In the meantime, the company’s director of information security, Christopher Beckett, has provided a comprehensive list of tips for building a GDPR-compliant business.

These recommendations include appointing a single employee within the organisation as a data protection leader, creating an inventory of data processing activities, and updating privacy notices to ‘be transparent and specific’. The article also informs customers that, under the GDPR, they have an obligation to disclose any breaches to the supervisory authority as soon as possible, at the latest within 72 hours.

BigCommerce has also said that its privacy policy will be updated before May 25th to reflect the latest EU guidelines, but as already mentioned in the policy, all data subject access requests submitted to privacy@bigcommerce.com will be actioned within the required 30 days.

PrestaShop and GDPR

PrestaShop hasn’t revealed too much about its plans regarding the GDPR, but has advised its customers to review and prepare their websites and plugins in compliance with the regulations.

The platform has also made the GDPR Suite Module available from its store to assist compliance. Released as an early version, the module offers a limited number of features, including a customer data removal request and a customer personal data request, with email notifications to the store admin when a new request is created. The module also facilitates the manual administration of requests in the back office, although PrestaShop has warned that administrators will have to collect and purge data manually.

Meanwhile, PrestaChamps have published a page explaining the GDPR and the importance of complying with the new rules.

Read More >> https://tillison.co.uk/blog/gdpr-ecommerce-websites/
