Recently, new regulations have been announced against using Google Analytics in Europe, all around the SaaS environment. eCommerce giants such as Amazon and Alibaba, have set their sights on the EU, just like the smaller eCommerce players. In today´s blog, we will discuss, in detail, what criteria you should consider when choosing an eCommerce platform that is 100% GDPR compliant.
First, let´s summarise what GDPR is:     

The EU data privacy law which appeared on 25th May 2018 is designed to allow people to control how their data is being used and protected online. It also allows organisations to use and secure personal data that is collected from other individuals, including the obligatory use of technical safeguards, such as encryption and higher legal thresholds. The organizations that do not follow these regulations will need to pay penalties of up to 4% out of their global revenue or €20 million.

Secondly, let's see how GDPR can affect you as a consumer:   

 The eCommerce GDPR compliance guarantees protection and control over personal data in case it is collected, used or sold. Needless to say that the purpose of GDPR is to offer protection to visitors' data belonging to European citizens. Moreover,  the GDPR law applies to organizations that hold this kind of data, whether these organizations are in Europe or not. This is also known as the “ extra-territorial” effect.

Moreover, we will focus on the mandatory factors that you take into account when choosing an eCommerce platform that is 100% GDPR compliant:

1. Privacy policy page
There is no doubt that the privacy policy page should always be accessible on your website and every time you have to store data about users. A privacy policy is a juridical document that shows how and why you collect people´s data and it should be available to users whenever their data is collected. Furthermore, the information that should be in the privacy policy is presented in Articles 13 and 14 of the GDPR. A company that stocks individuals' data, information on who they share it with, how they protect it, why they are allowed to process it and what rights people have.
2. The cookie consent  

 Furthermore, the GDPR compliance for SaaS companies requires that the users are 100% in charge of their data.  In their designs, companies are called “dark-patterns¨ and get more than 90% of users to click the  “accept” button while the stats are showing that just 3%  are willing to agree. To counteract this behaviour, Noyb launched the second round of their movements, as a follow-up to their first instalment, which went live on May 2021. Other 270 draft complaints have been sent to website operators whose banners are not fully complying with the GDPR. Since Noyb offered guidelines for companies, more and more eCommerce brands implemented compliant banners and improved their status.

What you should do:
As a GDPR compliance eCommerce to-do task, you should advise your customers about the purpose of your cookies and trackers before managing something else apart from the mandatory cookies.
3. Creating a  GDPR landing page

Nevertheless, GDPR compliance for eCommerce is being proven through a landing page that forces customers to either approve or decline your request to use their data. Most retailers are “all or nothing”- either they approve of every way that you store and use their data, or they decline. In case they approve, the shopper will go back to use your complete site. If they decline, they will be blocked.

4. Make website adjustments

 There is no doubt that this is a mandatory GDPR compliance for eCommerce, this being a very delicate topic, in particular for developers and marketers.

 In fairness, only 80% of the issues can be sorted out by changing the forms and getting consent for cookies.

GDPR compliant

For example, on the Kooomo website, you can discover the GDPR landing page, and find more information regarding the way we store the data of our customers.

5.  Opt-In Forms

As a traditional way of gathering information by eCommerce businesses, there are no strict regulations on how to properly manage this procedure. Our recommendation is to follow the email service provider´s indications.

How Kooomo can help

Our servers are hosted in Europe and we do not share any third-party data outside of Europe. We follow strict guidelines on how to handle personal data. For more information, follow this link.


As we have seen above, GDPR compliance in eCommerce requires a lot of knowledge and preparation. Kooomo facilitates this whole process and provides you with 100% GDPR compliant software.