Guidance to Prepare Your Shopify Store for GDPR

By Adam


If you are a Shopify seller with any intention of selling to customers in the EU, you need to become familiar with the GDPR (General Data Protection Regulation).

1. What is GDPR?

Adopted in 2016 and applicable since 25 May 2018, the EU GDPR has changed how online businesses must handle personal data. Under it, people in the EU have far more control over what is collected about them and how it is used.

GDPR defines personal data broadly: any information that relates to an identified or identifiable natural person, whether it identifies them directly or indirectly. That includes:

  • A person’s name
  • A person’s photo
  • An email address
  • A mailing address
  • Bank details
  • Medical information
  • A user's IP address (and other online identifiers such as cookie IDs)
  • and more.

For an online store, three of GDPR's obligations matter most:

  • Get consent: you may only send marketing to a user who has actively agreed to receive it.
  • Provide adequate protection: personal data must be protected with appropriate technical and organisational measures.
  • Delete, correct, or restrict when asked: you must honour a user's request to erase, rectify, or restrict processing of their personal data (and to get a copy of it).

2. Who does the GDPR apply to?

Where your business is based does not matter. The GDPR applies if you offer goods or services to people located in the EU, or monitor their behaviour (for example with tracking cookies), and so process their personal data. It is about where the data subject is, not their citizenship.

3. Why should you comply with GDPR?

Businesses that breach GDPR face fines in two tiers: up to €10 million or 2% of the previous year's worldwide annual turnover, whichever is higher, for less serious infringements (such as failing to secure data), and up to €20 million or 4% for the more serious ones (such as breaching the basic principles of processing, consent, or data subjects' rights).
Treated properly, though, GDPR is also a chance to stand out. A store that visibly respects its customers' data earns more trust from EU customers than one that does not, and that trust is good for your brand.

4. How to prepare your Shopify store for GDPR:

Note: We still encourage you to seek advice from a qualified legal professional. The steps below are only the basics for a Shopify store.

Step 1: Get the user’s active consent for sending advertising emails:

Wherever you collect a user's email address, ask for their permission before sending advertising emails, and keep a record of when and how they gave it.
Under GDPR, consent is valid only when the customer actively confirms it, for example by ticking a box that was unchecked. Pre-checked boxes, or treating inaction as agreement, ARE NOT valid consent under GDPR.

a) On the register/sign-up page:

Here are some suggestions for your registration page:

(Screenshot: OTTO's registration page has an unchecked checkbox for opting in to advertising emails.)
(Screenshot: Sainsbury's permission request is much more detailed, which can give customers more confidence to opt in.)

b) On the checkout page:

On the Customer Information page of the Shopify checkout, under the email input box, there is a checkbox for opting in to news and offers. Make sure it is unchecked by default, as GDPR requires.

c) If you send the additional emails:

If you want to send more kinds of email than the user signed up for, you need their permission for the additional ones.
For example, OTTO clearly states the following in the email footer:

  • Types of emails the user will receive
  • The name of the company sending the emails
  • Method for the user to revoke the consent

d) Getting consent from your old contacts:

(Screenshot: an example re-permission email template from Omnisend.)

Besides new contacts, you also need valid consent from your existing contacts. We highly recommend sending a re-permission email to every list affected by GDPR, and removing anyone who does not opt in.

e) Respect the consent:

It might be different in your country, but in the EU, once you have consent you must stick strictly to what you promised: send only the kinds of email the user agreed to, and stop when they withdraw consent.

Step 2: Get permission for storing data using cookies:

All EU countries were required to transpose the EU ePrivacy Directive on cookies by May 2011. Under it, cookies that are not strictly necessary for the service the user asked for (analytics, advertising, tracking) may only be stored or read with the user's informed consent, and the user may refuse them.
Three basic steps to comply with the cookie law:

  • Find the cookies your site uses with a cookie audit (including those set by apps and third-party scripts)
  • Notify users about the data you are collecting and how it improves their shopping experience. Create a cookie policy and link to it when you ask for permission.
  • Ask EU users for permission before setting non-essential cookies, and do not set them until permission is given
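The code below is an added example, not Shopify's own code or part of the original article. It shows the mechanics behind Step 1 and Step 2 in plain JavaScript: a cookie audit that classifies every cookie actually present (and flags unknown ones), and a consent manager that defaults to no consent, only lets essential cookies through until the user actively opts in, can be revoked, and keeps a timestamped record of each decision. The cookie names and their categories are assumptions for illustration; replace them with the results of your own audit.

```javascript
// Added example (not Shopify code). Cookie names and categories below are
// assumed for illustration; fill them in from your own cookie audit.
const COOKIE_CATEGORIES = {
  cart: "essential",                 // assumed: shopping cart session
  secure_customer_sig: "essential",  // assumed: customer login signature
  _ga: "analytics",                  // assumed: Google Analytics via an app
  _fbp: "marketing",                 // assumed: Facebook pixel via an app
};

// Parse a Cookie header or document.cookie string into {name: value}.
function parseCookieString(cookieString) {
  const out = {};
  for (const part of cookieString.split(";")) {
    const trimmed = part.trim();
    if (!trimmed) continue;
    const eq = trimmed.indexOf("=");
    out[eq === -1 ? trimmed : trimmed.slice(0, eq)] = eq === -1 ? "" : trimmed.slice(eq + 1);
  }
  return out;
}

// Cookie audit: group every cookie actually present by category. Anything not
// in COOKIE_CATEGORIES is reported as "unknown" so it gets investigated rather
// than silently allowed.
function auditCookies(cookieString) {
  const report = { essential: [], analytics: [], marketing: [], unknown: [] };
  for (const name of Object.keys(parseCookieString(cookieString))) {
    report[COOKIE_CATEGORIES[name] || "unknown"].push(name);
  }
  return report;
}

// Consent state. Starts with NO non-essential categories granted: nothing is
// pre-ticked and silence is not consent. Every decision is timestamped so you
// can show when, and for what, the user consented or withdrew.
class ConsentManager {
  constructor(now = () => new Date().toISOString()) {
    this.now = now;
    this.granted = new Set(); // non-essential categories the user opted in to
    this.log = [];            // audit trail of consent events
  }
  grant(categories) {
    for (const c of categories) {
      // Essential cookies need no consent; unknown cookies are never granted.
      if (c === "essential" || c === "unknown") continue;
      this.granted.add(c);
    }
    this.log.push({ at: this.now(), action: "grant", categories: [...categories] });
  }
  revoke() {
    this.granted.clear();
    this.log.push({ at: this.now(), action: "revoke" });
  }
  // Gate: may a cookie with this name be set right now?
  allows(cookieName) {
    const cat = COOKIE_CATEGORIES[cookieName] || "unknown";
    return cat === "essential" || this.granted.has(cat);
  }
}

// Apply the gate to cookies a page wants to set: essential ones always pass,
// the rest only with consent. Returns what would be set and what was blocked.
function applyConsent(manager, pendingCookieNames) {
  const set = [], blocked = [];
  for (const n of pendingCookieNames) (manager.allows(n) ? set : blocked).push(n);
  return { set, blocked };
}

// Constructed sample input (not a real store's cookies).
const sampleCookies = "cart=abc; _ga=GA1.2.1; _fbp=fb.1.2; mystery=1";
const manager = new ConsentManager();
console.log(auditCookies(sampleCookies));
console.log(applyConsent(manager, ["cart", "_ga", "_fbp"])); // only cart passes
manager.grant(["analytics"]);
console.log(applyConsent(manager, ["cart", "_ga", "_fbp"])); // cart and _ga pass
```

In a real store the same gate sits in front of every third-party script tag: load the analytics or marketing snippet only after `allows()` returns true, and persist `manager.log` server-side so that you can demonstrate consent (and its withdrawal) later.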

Step 3: GDPR compliant privacy policy:

GDPR is about protecting personal data and digital privacy, so your privacy policy must tell users what you collect, why, how long you keep it, who you share it with, and how they can exercise their rights. For help drafting one, see: GDPR compliant privacy policy generator.

In conclusion: complex as it might seem, you should prepare your store for GDPR now. If you have any questions, leave them in the comments and we will reply as soon as possible!

About the author

Adam, administrator
