The General Data Protection Regulation (GDPR) that comes into force on 25 May 2018 has the goal of harmonizing regulations concerning the protection of privacy in the European Union.
The GDPR extends the reach of the current directive to cover all data processed not just by European individuals and legal entities, but also by non-European companies or organizations that process data about European citizens.
We have written a white paper that details this regulation's content and the reasons for its entry into force.
Who is concerned
The GDPR will apply to all processing of personal data, whether it is automated or not. "Processing" means the collection, conservation, modification, extraction, viewing, use, communication, erasure, etc. of personal data (identity, email address, IP address, telephone number, location data, consumption habits, etc.).
The regulation concerns not only European companies but also all companies located outside this region that process personal data about European citizens.
What does this mean for end clients
In accordance with the GDPR, any client located within the European Union:
Must be informed of the collection and end uses of his or her data
Must be able, where necessary, to give and withdraw their consent to the collection and processing of their personal data
Must have access to it and be able to obtain a copy in a portable format, as well as refuse processing in certain cases and have it erased.
What does this mean for PrestaShop e-sellers
E-sellers must make sure that their store allows end clients to exercise all their rights concerning the processing of personal data. Therefore, e-sellers must allow their clients to:
be informed of the collection and end uses of their data
be able, where necessary, to give and withdraw their consent to the collection and processing of their personal data
have access to it and obtain a copy in a portable format, as well as refuse processing in certain cases and have it erased.
In addition, e-sellers must:
Only collect data that is relevant and necessary for the store's business objective
Inform clients of the collection of their data and their rights
Put in place all the technical and organizational measures that can show their practices comply with the GDPR.
What does PrestaShop have planned to allow e-sellers to comply with the regulation
PrestaShop has developed a module to help e-sellers and module developers comply with the regulation.
The purpose of this module is to manage personal data collected by the PrestaShop software, by native modules and community modules installed on your store (only modules that are GDPR-compatible themselves).
It will bring you into compliance by respecting the following requirements:
Users' access rights to their personal data in their customer account
Users' right to data portability (a copy of their data in an exploitable CSV or PDF format)
Users' right to edit or delete their personal data, subject to seller approval
Users' right to give and withdraw their consent
E-sellers' obligation to maintain a log of processing activities (in particular for the access, consent, and erasure of personal data)
Do you have a store in PrestaShop version 1.7? Here are the 3 steps to install the GDPR module:
In the back office, go to the Modules > Modules & Services page
In the Selection section, use the search bar to enter the following word (depending on the language of the store):
All other languages: "GDPR"
ATTENTION: it is this exact term that must be used, otherwise the module cannot be found on the list.
A module will appear: "Official GDPR Compliance" or "RGPD Officiel" (in French). Click "Install" and you're done!
Contributors are very likely to be concerned by the regulation since the products you sell on Addons are very likely to fulfill the GDPR conditions, i.e.
Your products (modules, themes, email templates) collect personal data (any information that refers to an individual and can directly or indirectly identify them): identity, email address, IP address, telephone number, location data, consumption habits, etc.
Your products' users are located in European Union territory, in other words, if your product is sold in at least one EU country.