Are you keeping GDPR compliance if you work with Shopify or Magento?
by Irina Ciutaco
May 03, 2022
How does the GDPR affect you?
The General Data Protection Regulation (GDPR) applies to any company that is based in Europe or serves European customers. There is nothing to worry about, as Kooomo's servers are all based in Europe, in Ireland and Italy.
What are the data rights of individuals?
First of all, under the GDPR, European individuals have the right to know how their data is being collected, stored and used. Secondly, the GDPR also restricts transferring data about Europeans outside Europe under certain circumstances. For example, the GDPR admits that the privacy laws of particular countries could protect enough information to allow transfers and that companies can receive enough information according to certain conduct codes or certain agreements. Furthermore, if you deliver data of European residents outside of Europe, you should consider whether you are doing so in compliance with the GDPR.
On one hand, both Shopify's and Bigcommerce's servers are based in the United States, which means that you risk being penalised under the GDPR jurisdiction. On the other hand, Kooomo's servers are 100% hosted in Europe and we do not share any data outside of Europe.
We request customers' approval on:
- Acceptance of the processing of personal information for marketing purposes,
- Acceptance to access the personal data, for market research and statistics.
Kooomo does not require the use of an app. Other eCommerce platforms, such as Shopify or Bigcommerce, have their own GDPR Shopify app and Bigcommerce mobile app. Kooomo manages all the GDPR compliance policy tasks under one single GDPR compliance platform.
If you are using the Shopify GDPR app, you should be aware of the following aspects:
- If you need to get permission to provide a certain type of service, keep in mind that the GDPR has strict rules for asking users for consent. Consider whether you use interest-based segments to target ads or different tracking codes in marketing, and whether those segments use “delicate data” as defined in the GDPR.
- If you have to use “profile” or “automated decision-making”, these can bring additional mandatory obligations under the requirements of the GDPR.
- Brands can install both listed and unlisted apps from an app listing page that uses a Shopify App Store URL.
- For a GDPR Shopify app to be available, it has to be listed and indexed in more places.
- Custom apps are built exclusively for a single Shopify store and aren't listed on the Shopify App Store.
With regard to this, Bigcommerce GDPR compliance requires the following amendments:
- Implement cookie consent in the settings of your website
- Establish third-party and custom scripts
- Check all your apps and integrations
- Ask for consent in the newsletter sign-up and all your marketing communications