As you know, on the 25th of May 2018, the new text on personal data protection will come into effect.
You can read our article about it here:
In brief, what is the GDPR?
The General Data Protection Regulation (GDPR) is the new benchmark European text on personal data protection.
As you know, on 25 May this new text on personal data protection will enter into application.
This text strengthens individuals’ rights and establishes new accountability rules, requiring stakeholders to implement all the necessary and appropriate measures to guarantee a suitable level of security for personal data processing.
Who is concerned by the GDPR and what data is concerned?
The GDPR will apply to all processing of personal data, whether it is automated or not. Data processing is defined as an operation or a series of operations that may or may not be performed using automated processes and applied to data or sets of personal data.
Given the extent of these notions and your e-commerce activity, it is highly likely that you process personal data.
Furthermore, the other criterion of the regulation pertains to processing personal data that has a geographical connection with the European Union. In concrete terms, the GDPR will apply when:
- The data controller or its processor has an establishment located in the European Union
- The data controller or its processor does not have an establishment located in the European Union but the persons whose data is processed are located in it.

In other words, whether or not you are located in the European Union, the regulation applies to most companies!
What do we really mean by ‘personal data’?
Personal data was already defined in the French 1978 ‘Data protection’ law as ‘any information relating to an individual identified, or who may be identified, either directly or indirectly, with reference to an identification number or several items of information specific to them’.
Personal data is any information relating to an individual that directly or indirectly identifies them. For example, if your customers can create an account on your PrestaShop store or if you gather their telephone numbers, you gather their personal data. IP addresses are also personal data and fall within the GDPR's scope of application.
What does PrestaShop plan in order to enable its users to comply with the GDPR's requirements?
We are currently developing new features that will be available in versions 1.5, 1.6 and 1.7 of the software and will help you comply with the regulation's requirements. These features will be available at the beginning of May and there will be an article about them.
These new features will enable PrestaShop solution users to:
- Obtain your customers’ consent easily by choosing to place a checkbox for consent where you wish; you will be able to customize the consent request message for each box and to refer to the CMS page of your choice to provide your customers with more information.
- Organize proof of confirmation and withdrawal of your customers’ consent when it has been requested from them.
- Facilitate management of requests relating to your customers’ rights, in particular, their right to delete; if your customer asks to delete their account, you will be able to download all their invoices in one click (if there are any) or delete their customer account and their personal data in one click.
- Organize proof that their rights have been exercised, with a log listing all your customers’ requests and the actions taken to fulfil them.
When must I make my PrestaShop online store compliant with the GDPR?
Our GDPR module is currently being developed by our team of developers and will be available at the beginning of May. The module will be provided free of charge for all 1.7 versions. It will be available as a fee-paying module on the Addons Marketplace for versions 1.5 and 1.6.
The purpose of these features is to help you be compliant.
Installing them alone in no way guarantees merchant sites’ compliance with the new obligations imposed by the GDPR.
It is your responsibility to put in place all the necessary measures to ensure you comply.