
GDPR Compliance for those with EU customers

Re: GDPR Compliance for those with EU customers

You don’t need to delete old orders; just make sure that if customers ask you to delete their account (“right to be forgotten”) from your website, you anonymise the transaction data. We have used the following extension for that sole purpose.


for M1


https://www.scommerce-mage.com/magento1-gdpr-compliance.html

for M2


https://www.scommerce-mage.com/magento2-gdpr-compliance.html

Re: GDPR Compliance for those with EU customers

Great find!

Thanks for the link. I will try that one.

Re: GDPR Compliance for those with EU customers


@tappel wrote:

... Using Google Analytics or Facebook or whatever for tracking customer behaviour is still allowed without express consent.


Hi Tappel

This is not my understanding (but I can be wrong - it's a complicated subject).

Within Google Analytics you can pinpoint a specific customer by going to "Audience" > "User explorer". Click one of the "Client ID" entries, then check the time and the value of the order. After that, you can find all personal data about that person in the Magento admin.


Therefore my take is that Google Analytics data is personal data, and you need express consent for the GA cookie, and also need to be able to anonymise the order.


Best,

Magnus

Re: GDPR Compliance for those with EU customers

@sherrie Is Magento 2 going to be updated to offer real GDPR compliance any time soon? I mean, we're missing many check boxes when taking customer info, and some tools to delete data on both the backend and the frontend. I know there are some extensions (2 actually) that will fulfil these new obligations, but it ideally needs to be built into Magento, as the cookie policy consent section is right now... thanks for your answer and consideration!

Re: GDPR Compliance for those with EU customers

So sorry for the delays in response here.


@Brake6: As for Magento 1.x, the M1 mappings are provided in addition to M2: https://magento.com/gdpr


Are there Magento product features to help with compliance? To assist merchants with their GDPR compliance efforts, Magento has made data mappings available for the Magento software, so you are able to identify where information is stored in our application. These mappings are available for Magento 1.x and Magento 2.x and cover Magento Commerce (Cloud), on-premise, as well as Magento Open Source.

I would definitely recommend giving our FAQ a thorough look-through:

https://magento.com/sites/default/files/Magento-GDPR-FAQs.pdf

Please do let me know if you have questions that are not answered there.


@baghulia: I'm told there are numerous tools on the roadmap to enable merchants to have more control over customer data, cookies, etc.

--

Developer Relations, Adobe Experience Cloud
Still stuck? Check out our documentation: https://magento.com/resources/technical

Re: GDPR Compliance for those with EU customers

These guys have a couple of GDPR extensions for Magento; might be worth checking out: https://www.ecomus.co.uk/gdpr-extension


They basically include a consent extension and a cookie extension, and they can also give lots of good advice on GDPR.

Re: GDPR Compliance for those with EU customers

Cookies: The ICO states:
"You must tell people if you set cookies, and clearly explain what the cookies do and why. You must also get the user’s consent and consent must be actively and clearly given.
Users should be able to disable cookies, and you should make this easy to do."
You are allowed essential cookies, but not non-essential (third-party) cookies.

Ecomus GDPR Cookie Extension for Magento 1 allows for 3rd party cookies to be disabled while keeping essential cookies running.
https://www.ecomus.co.uk/gdpr-cookie-extension

Re: GDPR Compliance for those with EU customers

Consent: The ICO states:
"Consent requires a positive opt-in. Don’t use pre-ticked boxes or any other method of default consent.
Be specific and ‘granular’ so that you get separate consent for separate things. Vague or blanket consent is not enough.
Make it easy for people to withdraw consent and tell them how.
Keep evidence of consent – who, when, how, and what you told people."

Ecomus GDPR Consent Extension for Magento 1 manages the consent required for compliance with GDPR
https://www.ecomus.co.uk/gdpr-consent-extension

Re: GDPR Compliance for those with EU customers

In the UK at least you have to keep records for 6 years for tax purposes.

We aim to write an extension to delete a customer's data after 6 years (or however long you want to set).

Possibly might include anonymising the data sooner depending on the legal advice we are given.

This is something that you as a merchant should do; it should not be put in the hands of customers, as it could have legal implications.

We would suggest having a section that says 'If you want to receive a copy of your data or have us remove your data then please get in touch'; the ICO then gives you 30 days to reply.

Get in touch for further info - info@ecomus.co.uk

Re: GDPR Compliance for those with EU customers

You should not delete orders; you need these for the taxman.
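The first reply in the thread suggests anonymising transaction data instead of deleting orders, and the last posts explain why the orders themselves must be kept for the tax retention period. The following is an added example, not code from Magento or from any of the extensions linked above, of how that split can be done on a single order record: the identifying fields are overwritten, the financial fields are left untouched, and the customer link is replaced by a keyed one-way pseudonym so that the erased customer's orders still group together without the customer being recoverable from the record. The field names (`customer_email`, `customer_firstname`, `billing_address`, and so on) are an assumption modelled on Magento's `sales_order` and `sales_order_address` tables, the sample order is constructed, and the HMAC key is assumed to be kept outside the database.

```python
"""Anonymise a Magento-style order record while keeping the financial data.

Added example, not Magento code and not one of the extensions linked in the
thread. Field names are an assumption modelled on Magento's sales_order and
sales_order_address tables; check them against the real schema before use.
"""
import hashlib
import hmac
from copy import deepcopy

# Constructed sample order (not real customer data).
SAMPLE_ORDER = {
    "increment_id": "100000123",
    "created_at": "2018-03-02 10:14:55",
    "customer_id": 42,
    "customer_is_guest": 0,
    "customer_email": "jane.doe@example.com",
    "customer_firstname": "Jane",
    "customer_lastname": "Doe",
    "customer_dob": "1985-07-14",
    "remote_ip": "203.0.113.7",
    "grand_total": 119.90,
    "tax_amount": 19.98,
    "base_currency_code": "GBP",
    "billing_address": {
        "firstname": "Jane", "lastname": "Doe", "street": "1 High Street",
        "city": "Leeds", "postcode": "LS1 1AA", "country_id": "GB",
        "telephone": "+44 113 000 0000", "email": "jane.doe@example.com",
    },
}

# Identifying fields: overwritten. country_id is kept because VAT accounting needs it.
ORDER_PII_FIELDS = ("customer_firstname", "customer_lastname", "customer_dob", "remote_ip")
ADDRESS_PII_FIELDS = ("firstname", "lastname", "street", "city", "postcode", "telephone")
# Fields the accounts need for the retention period: never touched.
RETAINED_FIELDS = ("increment_id", "created_at", "grand_total", "tax_amount",
                   "base_currency_code")
REMOVED = "[removed]"


def pseudonym(subject, key):
    """Keyed one-way alias for a customer. The key lives outside the database,
    so the record alone cannot be reversed, and destroying the key later turns
    every alias into noise (crypto-shredding)."""
    mac = hmac.new(key, str(subject).encode("utf-8"), hashlib.sha256).hexdigest()
    return "anon-" + mac[:16]


def anonymise_order(order, key):
    """Return a copy of `order` with PII removed and money fields intact."""
    out = deepcopy(order)
    # Guest orders carry no customer_id; fall back to the e-mail as the subject.
    subject = order.get("customer_id") or order["customer_email"]
    alias = pseudonym(subject, key)
    alias_email = alias + "@anonymised.invalid"  # .invalid never resolves (RFC 2606)
    out["customer_id"] = None          # cut the link to the customer account ...
    out["customer_is_guest"] = 1
    out["customer_pseudonym"] = alias  # ... and replace it with the keyed alias
    out["customer_email"] = alias_email
    for field in ORDER_PII_FIELDS:
        if field in out:
            out[field] = None
    for addr_key in ("billing_address", "shipping_address"):
        addr = out.get(addr_key)
        if not addr:
            continue
        for field in ADDRESS_PII_FIELDS:
            if field in addr:
                addr[field] = REMOVED
        if "email" in addr:
            addr["email"] = alias_email
    return out


def pii_values(order):
    """Every identifying string in the original record."""
    vals = {str(order[f]) for f in ("customer_email",) + ORDER_PII_FIELDS if order.get(f)}
    for addr_key in ("billing_address", "shipping_address"):
        addr = order.get(addr_key) or {}
        vals.update(str(addr[f]) for f in ADDRESS_PII_FIELDS + ("email",) if addr.get(f))
    return vals


def find_pii_leaks(original, anonymised):
    """Original PII strings that still appear anywhere in the anonymised record."""
    blob = repr(anonymised)
    return sorted(v for v in pii_values(original) if v in blob)


def retained_intact(original, anonymised):
    """True if every field the accounts rely on is unchanged."""
    return all(original.get(f) == anonymised.get(f) for f in RETAINED_FIELDS)


if __name__ == "__main__":
    key = b"example-key-kept-outside-the-database"  # assumption: from a secret store
    result = anonymise_order(SAMPLE_ORDER, key)
    print("leaks:", find_pii_leaks(SAMPLE_ORDER, result))
    print("retained intact:", retained_intact(SAMPLE_ORDER, result))
```

The leak check is the part worth keeping in any real migration script: run it over the result of the anonymisation and over the `sales_order_grid`, invoice and shipment rows as well, because Magento denormalises the customer name and address into several tables and an erasure that only touches `sales_order` leaves the person identifiable elsewhere.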