How to use GDPR Compliance: case study for Magento 2 store

How to use GDPR Compliance: case study for Magento 2 store

How to use GDPR Compliance: case study for Magento 2 store

How to use GDPR Compliance. Magento 2 store case study.

General Data Protection Regulation is a new regulation in EU law on data protection and privacy policy. It is related to the working process with customers from the European Union and processing, exporting or keeping their personal data. So even if you are not an EU-based company but dealing with EU customers, you are subject to the same requirements and penalties as companies registered there.

Regulation will come into force on May 25, 2018. Carefully studied the law, we have developed an magento extensions to be in line with the new law. We have already applied GDPR Compliance M2 to our website and we are surely prepared for the new regulations.

If you want to know how we have done it, continue reading....

According to GDPR, you need to request the consent of customers for data processing

Display checkboxes on six forms for customers to confirm

We added 'Privacy Policy' checkboxes on six forms to get permission from customers. The forms include Registration, Checkout, Log In, and Contact Us. As well the checkbox appears, when a customer leaves a review, and it is also shown under the newsletter subscription field. Due to checkboxes, we have the request for consent separated from the other matters and it is clearly distinguishable.

Make customers aware of the Privacy Policy

Share a link to the Privacy Policy page with customers

Even after confirmation in checkboxes customers can see a link to visit the Privacy Policy at all abovementioned forms.

Notify about confirmation

We will surely send notifications to our subscribers and already existed customers via email. They easily can confirm Privacy Policy by clicking a link in the notification form. We use templates for our email notifications to automatize the process.

Notify about changes in Privacy Policy via a checkbox or email

A customer will see again a checkbox to agree with made updates in the policy after login. It is also possible to notify customers about changed issues of the policy via email.

Ensure for customers the right to be forgotten

Be informed about customers’ requests for deleting

We can set that customers should make a request for deleting, an admin will receive all of them on a separate page in the admin panel.

Use two types of deleting: default deleting or all data deleting

Via the default, Magento deleting all personal info is destroyed except orders data. Choosing the first option, we can set the period to store the rest of the data. Or we delete all personal data including reviews and replace orders data with fake data. In this case, we use pseudonymization to substitute deleted info.

Notify customers regarding erasure of personal data

If customers don’t agree to Privacy Policy and their info should be erased, an email will be sent to them with the list of information that was deleted.

GDPR stipulates lawfulness of processing

Add a link for quick access to study the Privacy Policy

Each checkbox label has a text link so that anyone can follow it and immediately read Privacy Policy text in full. We added Privacy Policy page to demonstrate compliance with the Regulation and to explain the lawfulness of processing personal data on our website.

Select any page for linking

We have an option to select page placed in the footer in the dropdown list to link it with a checkbox label. It is helpful in case of having several pages for privacy policy in different languages or to apply them for multiple store views. If your page was deleted or the URL key changed, it is easier to select a page from a ready-made list.

Customers shall have the right to withdraw their consent at any time

Delete or unsubscribe customers

In case existed customers don’t agree to Privacy Policy, we can unsubscribe them or delete their accounts and personal data within 30 days.

Let customers delete their accounts

Another variant is that we can leave the decision for customers to delete themselves a personal account either by request to our admin or without it.

Special protection for children's personal data

Easily verify ages

The extension helps to meet another point in the GDPR. We display checkboxes with a label on the six forms to confirm, that a customer is over 16 years old. Underage customers can confirm marking checkboxes on Registration, Checkout, Log In, Contact Us forms, under the newsletter subscription field, and when leaving a review.

Redirect customers who are under 16 years old to get parental confirm

If a child is below 16 and doesn’t mark the checkbox, this customer will be redirected to the Registration Form, where appears a field to enter a parental email to send a notification about child’s registration. If a child is under this age, you should get consent from parents/guardians to process any children personal data.

GDPR contemplates data portability

We can export personal data to CSV format

Customers can exercise the right to request to get personal data in common use and machine-readable format. Our extension simplifies the process so that we can export all customers’ personal data to CSV format in one click.

Comply with the right to rectification

Send inquiries to customers to check the relevance of personal data

To follow a GDPR provision i.e. to have incomplete personal data completed or make some changes, we enable popup notification and select its showing frequency. So customers will receive it in personal accounts for checking the relevance of their data.

Ensure the right to access

Provide personal data to all customers

We take into account the right of customers to access to information about them. Our customers are free to ask for it. Registered customers export info in the Data Export section of their personal accounts. Other customers click a link in the footer and then enter email addresses into a special field of the popup. In such a way data concerning them are sent to the specified emails.

On Friday, May 25, GDPR Compliance update will be released. An extended version has new features. If you are interested and would like to know about them more, don’t hesitate to contact us via this link.  Don't lose a chance to buy our extension before May 25, and then get updates for FREE. 


© Extait, 2019