
General Data Protection Regulation (GDPR)

The EU General Data Protection Regulation (GDPR) is a regulation governing how personal data is collected, stored, and processed. It applies to online stores based in the European Union and to stores outside the EU that sell to shoppers in the EU. GDPR places the responsibility on businesses to give individuals more control over their personal data. If your online store violates the regulation, you could face fines. GDPR goes into effect on May 25th, 2018.


Disclaimer: The information in this article is for guidance only and does not constitute legal or professional advice. Always consult a qualified lawyer on any specific legal problem or matter. BigCommerce disclaims all liability with respect to the information in this document.

Is my Business Affected?

GDPR applies to you if your online store is based in the European Union or your store targets shoppers in the European Union. To be more certain if GDPR applies to your business, contact a legal professional.

How BigCommerce is Compliant

As an ecommerce platform, BigCommerce is compliant with GDPR. BigCommerce provides the following features and commitments that support compliance:

  • Continues to meet the requirements of the Privacy Shield program, and will action all Data Subject Access Requests submitted to BigCommerce within the required one month (30 days).
  • Deleting a customer from the BigCommerce Control Panel removes the Personal Data associated with that customer within 14 days.
  • Customers can correct or update their data when they log in to their account.
  • Makes data portable. Customer data can be exported in CSV format with the Bulk Import Export tool.
  • Supports consent to use data. You can easily add a checkbox so that shoppers can view and agree to your privacy policy.
  • In the event that a data breach involves BigCommerce, we will report the event to you without undue delay.
  • The BigCommerce security team ensures that data in transit to and from our platform is protected at every stage.

While BigCommerce meets these requirements, any add-ons to your store, such as third-party apps, custom code, or payment gateways, are not covered by this statement. You are responsible for confirming that each of them complies.

Suggested Actions for GDPR

There are steps your business may need to take to make your store fully compliant.

Create a GDPR compliant Privacy Policy 

Make sure you have a Privacy Policy page on your store. See our example privacy policy for an idea of what the page should include.

Check your Apps and Integrations

Any apps or integrations that you use with your online business also need to be compliant. If the vendor does not explicitly state that its product is compliant, contact the vendor directly to confirm whether it meets GDPR requirements.

Add a Consent Checkbox

For account sign-up forms, you can include a form field checkbox that records the shopper's consent to your privacy policy. See Adding and Editing Fields in the Account Signup Form for instructions on how to do this for your store.

Report Security Breaches

Take steps to make sure your customers' data is secure. If a breach of personal data occurs, notify the relevant Supervisory Authority within 72 hours of becoming aware of it, and inform the affected customers without undue delay where the breach is likely to result in a high risk to them.

To learn more about security and privacy, join our Security & Privacy Community Group. Our security team will answer questions about security issues and how to make sure you are compliant.
