For those of you with European customers, I'm curious, how are you handling GDPR compliance?
What is GDPR?
The General Data Protection Regulation (https://gdpr-info.eu/) that governs how the data of EU citizens is stored and transferred.
Could be 10-20 million euros or 2-4% of global revenue (whichever is higher). Yowser!
What does it cover?
Any personally identifying data, name, address, etc., but also cookies and IP addresses used to track activity. Not just the data on your servers, but any data hosted on SaaS platforms (think Salesforce, Dropbox, Google Drive, etc.), in the Cloud (AWS, Azure, etc.) or shared with 3rd parties as well.
What can't you do?
In short, store the personal data of EU citizens anywhere that doesn't adhere to the EU's strict rules, either by being a country recognized as complying, or by having lots of specialized business agreements in place.
What must you do?
At a very high level that barely scratches the surface (I am not a lawyer)...
I'd love to hear about:
This is a very interesting topic. I'd love to discuss a bit further on email if that's interesting to you.
This is an issue we are now having to consider with a new Magento2 website. It all seems to be a little fuzzy and full of grey areas, particularly with respect to B2B. We would love to hear how other people are preparing.
If you speak a little bit of French, you may find this article and the associated module quite interesting!
The GDPR module for Magento 2: https://github.com/AdfabConnect/magento2gdpr
The biggest challenge (so far) is how to delete old orders. Does anyone know if that is necessary?
As far as I know it's not possible to delete orders (Magento 1) and those records are needed for accounting.