
Shopify GDPR: How to be compliant on your store?


The GDPR is a single law that came into force in May 2018 and applies in all twenty-seven member states of the European Union. This data protection law aims to protect the privacy of European citizens in digital systems on a global scale. As a web entrepreneur running a Shopify store, you need to comply with it. But how do you comply with the Shopify GDPR? In this article, we’ll help you understand how to bring your store into compliance. But first, we will explain why this regulation exists.

What is Shopify’s GDPR?

Shopify GDPR – What You Need to Know

The GDPR (General Data Protection Regulation) is the European law that took effect on May 25, 2018. It introduces a new way of looking at data online: the data belongs to the user, and the user alone must approve any collection and processing of it.

The Shopify GDPR therefore regulates how companies are allowed to process the personal data of European citizens, so Shopify GDPR compliance requires respecting users’ privacy and confidentiality. The Shopify GDPR grants individual rights to EU citizens, including the right not to have their personal data collected or processed without their prior consent. The regulation defines personal data as any information that directly or indirectly identifies an individual: a name, an address, a telephone number, an email address, a photo, an IP address, online activity, content posted on the Internet, medical information, and so on.

Shopify GDPR: Who does it apply to and what does it take to comply?

Shopify GDPR – Data Subjects

The Shopify GDPR is applicable to any Shopify merchant based in Europe or with a European customer base that processes data deemed personal. In other words, if you own a store on Shopify and you have customers in Europe, then you need to comply with the GDPR on Shopify.

What’s important to know about Shopify and the GDPR is that the platform empowers merchants to comply with the law as best they can. For this, an update has been made on:

  • the terms of use;
  • the privacy policy;
  • the cookie policy;
  • the privacy policy generator;
  • marketing registration;
  • etc.

In addition, since the general purpose of the GDPR is to limit how data is used, there are several things you must have in place on your website to be compliant with the Shopify GDPR.

Shopify GDPR: How to comply?

Shopify GDPR – What you need to do to be compliant

Here’s a list of things you can do to comply with the Shopify GDPR.

Enable GDPR on Newsletters on Shopify

The Shopify GDPR requires that when you collect data such as an email address, you obtain the explicit consent of the customer. To obtain the customer’s consent for the newsletter, you can propose the following wording:


“By providing your email address, you have read and accepted our privacy policy. You also agree to receive (specify frequency) our (put the service to offer) by email and”. Be precise, and adapt this wording to your business.

Apart from the first consent text, it is also important to add a second Shopify GDPR consent text. You must always tell users that they can unsubscribe at any time and that their data can be deleted at any time.

“You can update your preferences or unsubscribe using the unsubscribe links.”

Shopify GDPR: Update your privacy policy

You must have a privacy policy in place that clearly explains which data you collect from your customers and what you use it for. Shopify provides the relevant information in its own privacy policy, but as an e-merchant it is up to you to provide yours. Here is what you can do, for example, to have a privacy policy that complies with the Shopify GDPR.

First, your privacy policy should state how you collect, use, share, and secure the personal information of your customers and of visitors to your site. Next, you need to state how long you intend to keep your customers’ data. Your privacy policy should also set out the options your customers have for using, accessing, and modifying their personal information. Finally, make sure that your customers and visitors can easily reach your privacy policy, for example by linking to it so that they can find it quickly.

If your privacy policy does not contain the information above, you should update it. For example, you can generate one with Shopify’s privacy policy generator, which is free and has recently been updated to take the GDPR into account.

Update your terms and conditions

It’s not just your privacy policy that you need to update. Your terms and conditions may also require changes in order to comply with the Shopify GDPR, and since you are updating them anyway, you can link to your privacy policy from that page as well. Here too Shopify helps: it provides a useful terms and conditions generator.

Shopify GDPR: Respecting your customers’ rights

The GDPR gives your customers several rights. Let’s look at them!

Right to erasure (right to be forgotten)

If a customer requests the deletion of their data, this must be done within one month. There are, however, some exceptions to this rule: for example, if the data is associated with a current order, or if the order is still within the chargeback period (usually 180 days). A customer may also request the erasure of personal data concerning them when that data is no longer used for the purpose for which it was collected, or when they withdraw their consent to the processing of their personal data.

Right to rectification (correction)

The customer has the right, at any time, to have the data you hold about them rectified, for instance because the information is incomplete or inaccurate. If you receive such a request, you must act on it as soon as possible. You can edit customer data directly in the Shopify admin.


Right of access to data

Under the new regulations, customers have every right to access their data. Upon request, as the data controller (unless you have appointed someone else for this role), you are responsible for providing this information. Allow your customers to exercise their right of access directly from their account area on your site.

Right to data portability

Upon request, the data controller must provide this information in a readable and intelligible format. This information may concern:

  • personal information;
  • transaction or order history;
  • payments;
  • the list of products;
  • etc.

Comply with regulations regarding the management of cookies

It is important to comply with cookie regulations. If you haven’t already done so, it’s time to offer cookie management on your site. From now on, you must give visitors the opportunity to choose for themselves which types of cookies remain active while they browse your site. You may already have a statement that says, for example, “By using this site, you accept cookies…”. That is no longer enough.

The visitor must give prior consent, expressed through a positive action. For this, a banner appears as soon as the visitor arrives on any page of the site. This banner must not disappear until the visitor has chosen one of the proposed options. It includes a legal notice and gives access to the personalization of the site’s cookies. As an example of the banner text, you can propose the following:

“By continuing to browse this site, you accept the use of cookies to offer you (put the services you wish to offer)”.

If the visitor continues browsing without confirming a choice, the default maximum-privacy setting is applied for the whole duration of the session. As for cookie management, in the Shopify App Store you can install the GDPR + Cookie Management app, which gives you a GDPR-compliant website and cookie bar. Installing the GDPR Shopify app gives you a 15-day free trial; additional charges may apply thereafter.
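As an added illustration (not code from this article, from Shopify or from the app mentioned above), here is how the banner rules described in this section can be enforced in browser-side JavaScript: a maximum-privacy default, a banner that stays until a positive action, a stored choice that is never trusted beyond what the visitor explicitly ticked, and a gate that loads third-party tags only for consented categories. The category names and the tag list are assumptions made for the example.

```javascript
// Optional cookie categories the visitor can personalise (names assumed); essential cookies need no consent.
const OPTIONAL = ["analytics", "marketing", "personalization"];

// Constructed list of third-party tags and the category each one belongs to.
const TAGS = [
  { src: "https://cart.example/checkout.js", category: "essential" },
  { src: "https://stats.example/track.js", category: "analytics" },
  { src: "https://ads.example/pixel.js", category: "marketing" },
];

// Maximum-privacy default: no decision recorded, every optional category off.
function defaultConsent() {
  const allowed = {};
  for (const c of OPTIONAL) allowed[c] = false;
  return { decided: false, allowed };
}

// Rebuild consent state from what was stored (a first-party cookie or sessionStorage value).
// Missing, malformed or tampered values fall back to maximum privacy, never to "accepted".
function parseStoredConsent(raw) {
  if (typeof raw !== "string" || raw === "") return defaultConsent();
  try {
    const obj = JSON.parse(raw);
    if (!obj || obj.decided !== true || !obj.allowed || typeof obj.allowed !== "object") return defaultConsent();
    const allowed = {};
    for (const c of OPTIONAL) allowed[c] = obj.allowed[c] === true; // only a boolean true counts
    return { decided: true, allowed };
  } catch (err) {
    return defaultConsent();
  }
}

// Record the visitor's positive action. `ticked` holds only the boxes they checked themselves
// (no pre-checked boxes); "accept all" passes every optional category, "refuse all" an empty array.
function recordChoice(ticked) {
  const allowed = {};
  for (const c of OPTIONAL) allowed[c] = Array.isArray(ticked) && ticked.includes(c);
  return { decided: true, allowed };
}

// The banner stays on screen until a decision exists; merely continuing to browse changes nothing.
function bannerVisible(state) { return !state.decided; }

// Gate for setting a cookie or loading a script of the given category.
function isAllowed(state, category) {
  return category === "essential" || state.allowed[category] === true;
}
// Tags that may actually be injected into the page under the current state.
function tagsToLoad(state, tags = TAGS) { return tags.filter((t) => isAllowed(state, t.category)); }
```

Persist the result of `recordChoice` with `JSON.stringify` and rebuild it on each page load with `parseStoredConsent`, so that a visitor who never acts keeps the maximum-privacy state for the whole session.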

Review third-party apps

As a Shopify store owner, you undoubtedly use third-party apps on your site, so it’s important that you only use apps that comply with the GDPR. Shopify works with developers to make sure they follow these rules, but the responsibility is ultimately yours.

If you’re not sure whether an app complies with the new regulations, you can always contact its developer to check. If you still have doubts about the app’s full compliance, we advise you to remove it.

Collect only the data you need

Ask yourself what data you really need from your customers or prospects. Do you need a date of birth? No? Then don’t ask for it. Collect only essential information. You also need to be very clear about how you’re going to use your customers’ data and how long you’re going to keep it.


It is good to explain this in your privacy policy. In practice, the only data you should need to ask a customer for is their name, address and email address. For prospects, it is an email address and possibly a name.

Ensuring full transparency

After collecting only the data you need, you need to be completely transparent with your customer. Apart from the privacy policy, there are other things you can do to make sure you are completely transparent. These include, for example:

  • Put an unsubscribe link next to any subscription link;
  • Remove pre-checked boxes from the forms you use;
  • Link directly to your privacy policy from the footer of your site;
  • Link directly to your terms and conditions from the footer of your site;
  • Make sure that unsubscribe links appear, clearly visible, on all the marketing materials you send afterwards.

In addition, you need to find out whether any of your customers’ data passes through a third party. If it does, you must state this in your privacy policy.

Recontact all former subscribers and customers

If you already have former subscribers and customers, you should contact them and ask whether they still agree to receive your commercial offers. Remember that this only applies to European citizens, not to your entire subscriber list. For those who do not renew their consent, if you want to comply with the law to the letter, you will unfortunately have to remove them from your database. This applies not only to their email address, but to any data you hold about these people.

Prepare your organization

Explain the requirements of the GDPR to the leaders of your organization. Your entire team needs to be trained on this. Organize training for your employees on the procedures to follow in case of data theft. If you employ more than 250 people in your company, you must appoint a data protection officer.

Shopify GDPR: What if your store isn’t targeting visitors from the EU?

Although the GDPR is a European law, its aim is to protect the data and private lives of all EU citizens. As a result, any website serving EU citizens and processing their personal data must comply with the GDPR, even if the site is not hosted in the European Union.

Any non-compliant shop is liable to heavy penalties. For large companies, the penalty can go up to 20 million euros and 4% of annual turnover. Complying with the Shopify GDPR is not a complex task, and it is better to do so than to be punished. Note that paid Shopify themes such as Speedly already include GDPR features.
