GDPR: necessary actions in all e-Shops

16 Apr 2018
category: Tutorials
As you may be aware, very soon all businesses that hold personal data in any form and operate in the European Union will have to comply with the GDPR, the new European law on the protection and management of personal data. The compliance deadline has been set for May 25, 2018.

Companies that do not comply after the deadline will be required to pay exorbitant amounts in fines. If you run a business and collect personal data you should contact a GDPR certified technical / legal advisor to guide you on the steps to take to protect your business.

For more details about GDPR read here

GDPR for businesses that have an e-Shop and are active in electronic transactions

If you have an e-shop, I would first suggest the following actions, which are necessary for all e-shops regardless of the type of e-shop and the items/services it markets:
  1. Purchase and installation of an SSL certificate for your e-shop
  2. Revision of the personal data retention policy in your e-shop, with a specialist consultant or legal advisor certified for GDPR
  3. Informative PopUp on the initial page that will prompt the user to accept the storage of cookies and to read and accept the personal data management and protection policy maintained by the eShop
  4. Adding to the user's profile the ability to delete their account and order history from the e-shop database
  5. Possibility for the user to access and change their personal data through their profile
  6. Adding a link to the personal data retention policy, with an acceptance checkbox, in the registration form and the profile modification form. The form should not be saved if the user does not check the option, certifying with his digital signature that he agrees to provide his personal data to the company.
  7. [Optional] Automatic deactivation or deletion mechanism for members who have not accessed the e-shop and have not made any purchases for the last X years.
  8. Mass e-mail to eShop customers asking them to read and accept the new amended privacy policy
  9. If the eShop keeps data such as gender, date of birth, etc., and it is not necessary for the company, I would suggest that it be deleted from the database and that the fields be removed from the member registration/modification forms.
  10. Regarding the newsletter: the user should have the possibility to OptOut and unsubscribe from the mailing list both in their profile and through a deletion link at the bottom of the e-mails sent by the company in bulk
  11. Delete ALL contacts from your database that were registered WITHOUT their consent (bulk import of contacts from other databases)
  12. In case your e-shop is connected to an ERP or accounting program, you should definitely consult the GDPR consultant and let him know about your case, so that he can tell you what other changes are required both in your e-shop and in your ERP

I believe that every e-Shop / Website should definitely ensure the above in the first phase, always in collaboration with the GDPR consultant who will take it on.

PrestaShop update for compliance with the new GDPR regulation

If you have an e-Shop and would like us to support you, please contact us.
Praxitelis Ikonomidis

About the author

Praxitelis Ikonomidis

Programmer and business consultant on IT matters. 22 years of experience in web design and e-shop development technologies. Your ideal partner for Internet and web matters!
