How to GDPR prepare your online store?

by | May 24, 2018 | Blog, Ecommerce, News | 0 comments

GDPR or General Data Protection Regulation is an updated version of the 1995 Data Protection Directive. With the advance of the different ways we go on the internet, a more defined law was in demand. The GDPR is drawn to protect the rights of all the European Union citizens from companies who collect data, irrespective of location. GDPR wants companies to think before asking – Why I need the information, what will I do with it, how will I use the information, who will see the iniformation and where will it be stored. The law comes into effect on 25th May, 2018. Before this, you must GDPR prepare your online business.

DISCLAIMER: Keep in mind this is just Web 2 Market’s current understanding, which will evolve as the practical aspects get worked out. We recommend you make a ‘good faith effort’ to comply. This is not legal advice and we aren’t lawyers. If you have legal questions, please consult a lawyer.

What are the fines if you don’t GDPR prepare your business?

The GDPR is strict if you don’t comply. If you don’t comply with the GDPR rules, you will have to pay €20 million or 4% of the total global sales, whichever is the highest.

GDPR prepare

GDPR prepare your online business before May 25th, 2018.

What companies should comply?

The GDPR affects only the European Union countries and protects data of the EU citizens. The law however makes no allowance for companies based on location.

Some company scenarios?

I am a US business owner? Should I also GDPR prepare?
My server is in the UK and we are now not in the Brexit. Do I still need to prepare for GDPR?
I live in Australia and my Magento store is also there. Most of my customers are from Australia. Will GDPR affect me?
My business in Singapore and I only get UK citizens as customers. Do I need to be concerned about GDPR?

As the conditions of the EU are vague, our best recommendation is that you comply, irrespective of location, services or products you sell, and also size of your business. Additionally a GDPR complied notification on your site will allay any fears your shoppers might have about data misuse.

Can I use a plugin or ask our developer to block users from the EU?

Although the concept is good, it won’t work with GDPR. Under the law all the EU citizens are protected, even those residing outside the EU countries. This means, an EU citizen living in the UK can shop on your site. The plugin parameters or the script coded by the developer can wrongly think he/she is a UK national.

It has been brought to our notice that if the EU citizen is in the US, then the data laws of the US will be upheld, while a US citizen in a EU country will have to follow the GDRP laws. However we are not certain if this same is applicable for other countries. [W2M strongly urges all readers to take advice from a legal adviser for clarity.]

Data you should GDPR prepare

  • Emails
  • Phone Numbers
  • Names
  • Credit Card details
  • Bank details
  • Cookies
  • Gravatar pics
  • Uploaded personal photos
  • IP Address
  • Social Media posts
  • Login Forms
  • Subscription Lists
  • Registration Forms
  • APIs
  • Apps
  • Contact us Form

Additional information covered under the GDPR:

  • Mental Condition
  • Gender
  • Age
  • Marital Status
  • Biometric information
  • Ethnicity
  • Location using Geo targeting
  • Religion
  • Political Views
  • Company working for
  • Current Salary

Understanding the GDPR law?

Right of Consent

You must now clearly state your purpose of collecting the information from the user. The details have to be in depth and easy to understand by a five year. You also need to say how you will be using the information, who will have access to the information and where it will be store. You also need to guarantee that you will take the utmost care in securing the data.

Right of Intent

You also have to declare how long you will be keeping the data. This is very important as it informs the user you will not hold hostage their information forever. Once the purpose is done, you will erase the data permanently.

Right to be Forgotten

Users can also now request that their data is deleted forever. You also need to get this done in a timely manner, else you could be sued for damages.

Right to Edit

Sometimes a user can enter a data wrong, like in an application form. You must allow the users to edit their form, in the present and also any time in the future.

Right to Oppose

Users also have the right to oppose how you will use their information. If you get such a request, you should cease and desist immediately.

Right to Move Data as Required

And finally, another good one is the right to move data. If a user requests their personal information to be moved to another person, location, service or company, you have to do it, as soon as possible.

Other important facts about GDPR:

The common practice now is to have an already checked box in forms. Usually the user is automatically enrolled in some subscription plan. However, there have been times when the user doesn’t want to be enrolled in any such plans, but didn’t see the checked box in time.

The GDPR demands that you can no longer “Opt in” users. Your boxes should be unchecked. And it is the user’s choice whether they want to subscribe or not.

This is seen as a positive move by most people as it will minimize spam mails.

Another very important thing that the GDPR says is how you should handle the situation when there is a data breach. Within 72 hours you have to inform all the people of the data theft. And to see how seriously GDPR takes this, there is no provision for business hours or holidays.

How to GDPR prepare?

Privacy Policy

The first thing you need to do is update your privacy policy. Include details as to why, how, who and where the information is used. Use the convenient Privacy Policy Page Generator.

Also add privacy notes in text areas, informing the user why that particular data is needed and how you will use it. For example in the email field, you need to have a comment box that says the email will never be used unsolicited services. And furthermore, the email is safe from hackers. Learn more in GDPR: How to write a Privacy Notice – Best Practices.

Terms and Conditions

Another area that you will have to change is the terms and conditions page. Again say how you will handle the personal information collected. What third-party programs or services you plan to share the information with and so on. Terms and Conditions Generator will be useful.


Users have to give their consent before cookies can be saved. But again like the previously stated, the cookie notice also has to be meaningful and in depth. Clear reasons you are using the cookie must be given. Check out GDPR and cookies | What do I need to know? | Is my use of cookies compliant?


You also need to send an email to all your existing customers informing them of the GDPR law. And also ask them to give their consent again to comply with the law.

Also from time to time you will have to renew the consent given by the people. This is to ensure they still don’t object to the saving of the personal information.

If personal information is used for marketing, case studies, historical research and statistics, consent is required. And also need to make your programs GDPR compliant like Google Analytics and Mail Chimp.

Record Keeping

You also need to deal with the GDPR as you do the IRS (Income tax department). You need to keep record of all the user consents. And show them when there is a data audit.

More information:

Check out the European Union GDPR official site if you need more help. There are also a lot of other legal terms you need to understand. Like the difference between controller and processor. And which one do you come under. Also what is a Data Protection Officer and if you need one for your business. And of course understand what data audits entail.

In conclusion, GDPR prepare your Magento business before the deadline of 25th of May, 2018.


Web 2 Market Digital Marketing Case Study

American Technical Publishers (“ATP”) is an industry leader in textbook publishing for career and technical training. Founded in 1898, the company sells worldwide through its website on the domain and by phone order. As ATP improved its product...

Learn how eCommerce with Magento helps expand Online Business

Online shopping is a billion dollar industry. And Magento has cornered the eCommerce market with more than 250,000 online stores in America alone. The reputation is because of the Magento program’s ability to fit any online business. All that stops you from standing...

Magento website templates – How the right template can boost sales?

Magento is an out of the box eCommerce software. And it also has a free Community version which is the most popular. Because of the way Magento is set up, no two online stores look and feel the same. The uniqueness comes from the way the store is designed using...

Hosting for Magento – How to find the right hosting for eCommerce stores?

Magento is a huge program to host. Without a great hosting partner, the Mage program loses all its benefits. Coded on the PHP framework, Magento is a very popular program that comes without a host. The one click out of the box store is easy to install. However it is...

eCommerce Magento theme – How to choose the right theme for your online store

eCommerce Magento theme involves different ways to go about it. Magento is an open source program which comes with a theme and a blank theme file which can be worked on. This helps online stores to add unique features to their store. For example, you can create blocks...

Magento site – What are the basic features for an online store

Magento is a huge program that is popular among eCommerce owners. All you need is to install Magento and set up the store. This out of the box solution even allows people to customize the store. However the customization should be undertaken by an experienced person....

Free Magento templates for Community and Enterprise stores

Magento has changed the eCommerce industry by providing the out of the box store solution. No matter what type of products you sell, Magento fits. Most business owners are however not very in tune with how to setup their eCommerce store. This includes finding the...

Magento Free templates – Tips to choosing the right store template

Magento offers a lot of potential for eCommerce store owners. It is open source, and provides an out of the box easy solution. This means the store is flexible to design and code according to your requirements. The very first thing that most store owners look for is a...

Design Magento – Three design tips for every online store owner

Magento is a very popular eCommerce program with online store owners. The way you can design Magento stores is unique. This of course leads to creating your very own branded store. There are however some things to consider when designing your store. Let’s look at just...

Magento program – How to find the right hosting for Mage?

The Magento program has been downloaded more than 4 million times. And since 2017, more than 48,000 Mage stores have been set up. The popularity is because Magento offers a store that is easy to install and use. It also has a free version for small and medium business...