General Data Protection Regulation (GDPR)
EU General Data Protection Regulation (GDPR) is an update to regulations for the processing of data and private information online. This will apply to online stores based in the European Union or those that do extensive business in Europe. GDPR places the responsibility on businesses to give individuals more control over their personal data. If your online store violates the regulations, you could face fines. GDPR goes into effect starting May 25th, 2018.
Disclaimer: The information in this article is for guidance only and does not constitute legal or professional advice. Always consult a qualified lawyer on any specific legal problem or matter. BigCommerce disclaims all liability with respect to the information in this document.
Is my Business Affected?
GDPR applies to you if your online store is based in the European Union or your store targets shoppers in the European Union. To be more certain if GDPR applies to your business, contact a legal professional.
How BigCommerce is Compliant
As an ecommerce platform, BigCommerce is compliant with GDPR. BigCommerce provides the following features that make it compliant:
- BigCommerce continues to meet the requirements of the Privacy Shield program and will action all Data Subject Access Requests submitted to email@example.com within the required 30 days.
- Deleting customer data from the BigCommerce Control Panel will remove Personal Data associated with that customer within 14 days.
- Customers can correct or update their data when they log in to their account.
- Data is portable: customer data can be exported in CSV format with the Bulk Import Export tool.
- In the event that any data breach involves BigCommerce, we will report the event to you without undue delay.
- The BigCommerce security team ensures that data in transit to our platform is protected at every stage.
While BigCommerce meets these requirements, add-ons to your store, such as third-party apps, custom code, or payment gateways, are not covered by this statement.
Suggested Actions for GDPR
There may be some steps your business will need to take to make your store fully compliant.
Check your Apps and Integrations
Any apps that you use with your online business will also need to be compliant. If an app or integration does not explicitly state that it is GDPR compliant, contact the vendor directly to confirm whether it meets GDPR requirements.
Explicitly ask for Consent in Sign-up
Report Security Breaches
Take steps to make sure your customers' data is secure, and if there's a breach, disclose it to the Supervisory Authority within 72 hours.
To learn more about security and privacy, join our Security & Privacy Community Group. Our security team will answer questions about security issues and how to make sure you are compliant.