GDPR compliance for Magento
GDPR is a hot topic right now, and not without reason: although the new EU regulation on personal data is not mandatory, it is very important for a business to comply with GDPR. Why should you do it, and how? We will answer these and other questions in the article below, as briefly and simply as possible.
What is GDPR
GDPR is an EU regulation on how the personal data of EU citizens must be collected, processed and stored. It applies to any company that operates within EU borders, as well as to companies that provide services to EU citizens and access their personal data in the process.
What actions are necessary for a business to comply with GDPR?
Before a company can act on personal data, it must obtain the individual's consent to do so. The consent request must be presented before any personal data is gathered, which in practice means during the user's first visit to the website.
Before obtaining consent, the company should inform individuals that their personal data will be collected, processed and stored. This information should be given in an easy-to-understand way and cover the following:
- For what purposes personal data will be collected, processed and stored
- What kinds of data will be collected and processed
- For how long personal data will be stored
- How a user can access their personal data, find out who has used it and for what purpose, and how to delete all personal data that has been gathered
- Contact information for matters of personal data protection
Furthermore, to comply with GDPR, the company should put in place technical measures that ensure the security and accessibility of personal data, as well as an unhindered way for an individual to delete his or her data.
Along with the aforementioned rights, individuals are protected by the right to restrict data processing, the right to object to or curtail the collection of certain types of data, and the right to data portability.
Are there fines for GDPR non-compliance?
Failure to comply with GDPR can result in a fine ranging from €10 million to 4% of the company's annual global turnover.
Fines will depend on the severity of the breach and on whether the company is deemed to have taken compliance and security regulations seriously enough.
All of the above makes GDPR compliance mandatory for any company that operates in EU territory or does business with EU citizens that involves receiving their data.
Simply put, if your online store has or possibly may have any EU customers, GDPR compliance is mandatory.
How to implement GDPR in Magento
Bringing your Magento-powered website into compliance with GDPR requires a number of steps.
- Obtaining individuals' consent to the gathering, processing and storing of their data and, if necessary, to its delivery to third parties. This consent should be obtained only after the individual has received all necessary information on the subject, stated in a simple and understandable manner, so you will need a correctly composed GDPR agreement text.
- Implementing technical measures that ensure the security of personal data, as well as the ability to delete personal data and to trace its transfers, processing stages and any other data-related actions.
Smile Ukraine will gladly help you prepare your Magento-powered online business for GDPR compliance. Our specialists can integrate a GDPR consent module on any page of your site that gathers personal data.
More importantly, we can do all the technical work needed to ensure that personal data gathering, processing and storing fully comply with the GDPR regulation.
Please contact us via the form below and we will make your Magento online store GDPR-ready.