On May 25th, the General Data Protection Regulation (GDPR) will take effect. The GDPR is the European Union’s new data privacy law which impacts how all companies (big and small) collect and handle personal data about their European customers.
We know that every business is different, and some of you might need more preparation than others to comply with the GDPR. We fully believe that we will comply with the GDPR the moment it takes effect, and that you will be able to use our platform in a way that also complies with the GDPR from the outset. Because we think it’s important that you trust in our data protection practices, we wanted to share the specific steps Shopify has taken to support your efforts (and ours) to prepare for the GDPR.
What has Shopify already done to prepare for the GDPR?
We’ve been hard at work preparing for the GDPR for a while. So far, we have:
- Updated our Terms of Service to automatically include for all merchants a Data Processing Addendum governing how we process your European customers' personal data
- Updated our marketing opt-in so that you can set it up as unchecked for your store, and also allowed you to tie abandoned cart notifications to whether the customer has opted into marketing
- Prepared a whitepaper to explain how we are approaching certain legal requirements under the GDPR
- Prepared a document to help you identify next steps as you prepare for the GDPR
What else will Shopify have ready before May 25 for the GDPR?
We are also working on a few important projects that we will be releasing before May 25:
- Rolling out a way for you to request, in your admin, that individual customer records be deleted, or to request all of the information we have collected about a customer for an access request. When you request that individual customer records be deleted, we will also propagate these requests to the relevant apps you have installed on your store.
On May 25th, you can find the information and deletion request options on each customer's profile in Shopify.
We recognize that you will need to independently prepare for the GDPR on your end, and have put together a document to help you identify your next steps in ensuring that your store complies with the GDPR. That said, the GDPR is an extremely complicated set of requirements that will apply differently from store to store, and we recommend speaking with a lawyer or data protection professional if you have specific questions about how the GDPR applies to your business.