PrestaShop 1.7 GDPR Compliance
The General Data Protection Regulation (GDPR) comes into effect on May 25th and aims at unifying regulations related to data privacy policies in the European Union. This text reinforces people’s rights and imposes a new accountability logic on entities involved by requiring them to take the necessary, appropriate measures to ensure a suitable level of security when processing personal data.
Why you should bother about it
Given the extent of these concepts and the fact that you are running an e-commerce business, it is highly likely that you process personal data. Also, GDPR affects not only every European company but also companies located outside of Europe which collects European citizens’ personal data. Needless to say that no merchant can avoid it and store compliance upgrade is not an option.
Our GDPR module is available from your back office and is here to protect your customers’ data. In short, they should be able to access their personal data, they have the right to data portability, obtain rectification and/or erasure of their personal data, and mostly give or withdraw their consent. For merchants, the law demands to keep a record of processing activities such as access, consent, and erasure.
Article 83 of the GDPR provides sanctions up to €20 million or, for a company, up to 4% of its total global annual turnover for the previous financial year.
Configure the GDPR module
This tab will help you become familiar with the General Data Protection Regulation (GDPR) and our module. Here, you will find general information about this EU regulation (our whitepaper, video, article, etc.) and the user guide for our module to download in PDF format to help you get set up.
Personal Data Management
In this tab, you will first find the list of modules installed in your store that are GDPR compliant.
If you consider that one or several modules collect personal data and that they don’t appear on this list, please make sure that you have access to the latest version of these modules to fully benefit the GDPR update.
If they are still not displayed in the list, we invite you to contact their respective developers to have more information about these modules.
Next, you can search for a customer and an unknown or guest user who has given his email address or phone number in your database and view all of his data collected by the PrestaShop solution and the GDPR-compliant modules installed in your store. To search for a user, please enter the first letters of the name, email address or phone number:
The personal data that you can visualize in this interface will be used at two different levels:
- When a user requests access to his data: he gets a copy of his personal data collected on your store in PDF or CSV format.
- When a user requests data erasure: if you accept his request, his data will be removed permanently.
You can also process all of your users’ data erasure requests that are done through your contact form and with your validation. Before accepting the data deletion request and deleting a user permanently from your database, we recommend you to download all of the invoices linked to his/her account.
For further details on data, you will be redirected to the customers part of the back office in order to manage all the profiles registered and have a look at the information they contain.
Note that this module also allows the deletion of guest accounts. Merchants just need to search for the exact email address or phone number.
Once the data erased, the user does not exist anymore (account and address are deleted from your database) but its invoices remain available with the order. Only his personal data are suppressed. His abandoned carts are transferred to an anonymous account while his orders are no longer associated with any customer account.
Consent Checkbox Customization
This tab allows you customize the consent confirmation checkboxes and the corresponding consent request messages in various forms of your store.
Configure your checkboxes
You can activate and customize the consent confirmation checkboxes in two places by default:
- In the account creation form on your store
- In the Information tab in the customer account
We recommend you to write your consent request messages in all available languages of your online store.
Depending on your stores installed modules and if they have been updated for GDPR compliance, the corresponding text fields will be shown on this interface so that you can personalize your permission request messages.
Customer Activity Tracking
In this tab, you can view all your customers’ actions related to their personal data (especially for data accessibility, permission, and deletion).
In this summary table, you will find the information below:
- Customer’s first and last name or client ID
- Type of request: data accessibility, permission, or deletion
- Date and time of the action
In this tab, you will find a list of questions frequently asked by our merchants as well as answers provided by our module and GDPR experts.