GDPR – How to achieve compliance with Magento
Many businesses are not yet planning for change to become GDPR compliant. This will only add to the stress of small business owners as the deadline approaches. Organisations have been given a 2 year lead-time to become compliant and this ends 25th May 2018.
In reviewing 100 Magento E-Commerce websites we found NONE to currently be compliant with the new ‘express consent’ Cookie Directive. Unlike the existing Cookie legislation which mandates only ‘implied consent’ site owners can passively communicate the assumption to visitors that Cookies are used and if they do not like it they are free to leave. The new legislation requires that NO non-essential cookies (3rd party cookies or beacons) are used until after ‘express consent’ has been acquired.
What does this mean?
If your website is found to store cookies from third parties without obtaining ‘express consent’ then your business is liable for heavy fines. This includes all 3rd party services which rely on Cookies such as Analytics, Adwords, Hotjar, CrazyEgg, Facebook Pixel Tracking, Adsense/DoubleClick to name a few. You must implement a method to withhold all these 3rd party add-ons from storing cookies unti ‘express consent’ is obtained. How do you achieve his? Continue reading!
Another aspect of the legislation most pertinent to Magento site owners is the topic of customer data and how it is stored. Whilst GDPR requires that you have processes to completely remove any data which you hold on a customer, as a business you have the right to retain the information if it relates to sales. This is where things get a little more complicated. Magento core has certain mechanisms to retain customer data even though the customer might not have completed a transaction. This might be retained in quote tables, customer tables and sales tables. Whilst quote tables can be configured to purge data after so many days, sales data, particularly failed order attempts (which you have no legal right to retain because there is no sale, and Magento 2 stores ALL failed sales records), then all Magento customers are facing the same risks of non-compliance.
As a Magento Systems Integrator AND owner of other Magento-based businesses I’m happy to report we have hopefully made this whole daunting process much easier.
We strongly recommend the following to any small business on Magento
We are actively taking feedback on our extension to ensure we are best serving the needs of Magento site owners. Please contact us at firstname.lastname@example.org if you have any concerns or questions.