How does GDPR affect my Shopify store?
GDPR is upon us. On May 25th 2018, the General Data Protection Regulation (GDPR) will take effect.
The GDPR is the European Union’s new data privacy law. It impacts how all companies, big and small, collect and handle personal data about their customers. Shopify has been working to fully comply with GDPR rules the moment it takes effect, so merchants will be able to use the platform in a way that complies with the GDPR from the outset.
What has Shopify already done to prepare for GDPR?
The Shopify team has been hard at work preparing for the GDPR for a while. So far:
- They’ve updated Terms of Service for all merchants to automatically include a Data Processing Addendum governing how they process the personal data of European customers.
- They’ve updated marketing opt-in to allow merchants to set it up as unchecked for their store, and also allowed merchants to tie abandoned cart notifications to whether the customer has opted into marketing.
- They’ve prepared a whitepaper to explain how they’re approaching certain legal requirements under GDPR.
And what’s new for developers building on Shopify?
By May 25th, for developers, Shopify will have:
- Provided a template for Privacy Policies that includes some of the information merchants will need to know to ensure that usage of your app complies with GDPR.
- Updated the platform to allow merchants to request access to all of the personal information that they hold about a particular customer.
- Updated the platform to allow merchants to request that Shopify and all installed apps delete specific customer records upon request, and/or upon uninstall of an app.
- Plans to releasing two mandatory webhooks for all apps, through which we will notify installed apps when a merchant requests personal data deletion - which will need to be connected to with these webhooks to delete information as required by merchants.
If you have any additional questions or concerns around how GDPR affects your business specifically, it’s important to remember it’s a legal framework, not a technical or creative one - so we’d always recommend seeking legal advice.