GDPR Compliance Center by Pandectes

GDPR checklist for Shopify Stores

Introduction

The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world, yet few Shopify Stores are completely compliant with its statutes.

The EU General Data Protection Regulation (GDPR) is among the world’s toughest data protection laws. Under the GDPR, the EU’s data protection authorities can impose fines of up to up to €20 million (roughly $20,372,000), or 4% of worldwide turnover for the preceding financial year – whichever is higher.

Most eCommerce retailers are now aware of the basic outline of the GDPR, at least as it relates to seeking consent to collect data on customers.

Takeaways

  • If your eCommerce store is available in Europe, you need to comply with the GDPR, even if you are not based there.
  • You then need to explicitly seek permission from every user from Europe to collect any kind of personal information.
  • You need to justify in your privacy policy why you are collecting this information, and what you will use it for.
  • Users also have a right to request all of the information you hold on them, and can also request for this to be deleted. This means that you need a process in place for dealing with these requests.
  • Finally, the GDPR also has impacts on the way that small businesses store and process data.

Checklist

  • Privacy Policy that covers all the tracking & data storage details of your store. This step requires you to evaluate your data collection requirements.
  • Cookie Consent Banner that is compatible with GDPR standards.
  • Data Subject Requests Management that allows users to view, download and delete their data from your Shopify store. 
  • Tracking Scripts & Cookies should not start before user consent is given. There are some scripts & cookies that Shopify manages and is responsible to modify/block them through our integration with their consent API.
  • Withdraw Consent must be available to the visitor to remove existing consent and change banner choices. This is provided by GDPR Compliance Center in multiple ways such as on the DSR page, and the extra button that appears on the pages as well as through a custom menu link.

GDPR Compliance Center Solution

GDPR Compliance Center is the most popular GDPR application in the store that covers all the above items. Shopify is proposing it as the #1 GDPR alternative for the removed apps they had. It provides an EU GDPR/CCPA banner including preferences popup, and cookie compliance, and works as a complete CMP. Based on a flexible settings panel you are able to make it feet on your needs and brand.

You can check more information on GDPR Compliance Center Help Articles here.

The Bottom Line

For new eCommerce retailers, GDPR compliance can seem very daunting. However, if you’ve decided to use Shopify as your eCommerce platform, you have made a wise decision. The platform offers you applications such as the GDPR Compliance Center that allow you to put in place the processes you need to be compliant with while not getting in the way of growing your retail business.

Scroll to Top