Showing results for 
Search instead for 
Did you mean: 

GDPR Compliance for those with EU customers

New Contributor

GDPR Compliance for those with EU customers

For those of you with European customers, I'm curious, how are you handling GDPR compliance?


What is GDPR?

The General Data Protection Regulation ( that governs how the data of EU citizens is stored and transferred.



Could be 10-20 million euros or 2-4% of global revenue (whichever is higher). Yowser!


What does it cover?

Any personally identifying data, name, address, etc., but also cookies and IP addresses used to track activity. Not just the data on your servers, but any data hosted on SaaS platforms (think Salesforce, Dropbox, Google Drive, etc.), in the Cloud (AWS, Azure, etc.) or shared with 3rd parties as well.


What can't you do?

In short, store the personal data of EU citizens anywhere that doesn't adhere the the EUs strict rules either by being a country recognized as complying, or having lots of specialized business agreements in place.


What must you do?

At a very high level that barely scratches the surface (I am not a lawyer)...

  • Allow opt outs for cookies, etc.
  • Capture explicit opt ins (no pre-checked boxes, no fine print).
  • Make sure data is accurate. So if a customer updates their information in one system, make sure it's updated in all your others as well. Not just the data in your databases, but third parties you've shared that data with as well (automated updates and push notifications from your customer master would be prudent), and ensure inaccurate data is never processed.
  • Be able to export and share all a customers data (including transactional data), within one month of request. 
  • Be able to delete a customer and all records associated with the customer, across all your systems, within a month of request.
  • Notify the commission within 72 hours of a data breach of any kind.

I'd love to hear about:

  • How you're approaching GDPR compliance.
  • Which hosting companies and SaaS vendors have policies in place to support GDPR.
  • Your biggest GDPR challenges.





Nicola Kinsella | Ask me about Order Management
Occasional Visitor

Re: GDPR Compliance for those with EU customers

Hi Nicola,

this is a very interesting topic. I'd love to discuss a bit further on email if that's interesting to you.



Ivo Spigel


Perpetuum Mobile


Occasional Contributor

Re: GDPR Compliance for those with EU customers

Hi Nicola,

This is an issue we are now having to consider with a new Magento2 website. It all seems to be a little fuzzy and full of grey areas - particularly with respect to b2b. We would love to hear how other people are preparing.

New Contributor

Re: GDPR Compliance for those with EU customers

Hi there, 
I'm curious if anyone has any updates on this topic? Has anyone tackled this yet?

Thank you!

New Member

Re: GDPR Compliance for those with EU customers

Hi all, 

If you speak a little bit of french, you may find this article and the associated module quite interesting! 

the article :

the GDPR module for magento 2 :

Occasional Contributor

Re: GDPR Compliance for those with EU customers


The biggest challenge (so far) is how to delete old orders. Does anyone know if that is necessary?


As far as I know it's not possible to delete orders (Magento 1) and those records are needed for accounting.