25/05/2018

PrestaShop’s solutions in response to the new data protection requirements

As you know, on the 25th of May 2018, the new text on personal data protection will come into effect.

How do I make my PrestaShop version 1.7 store compliant with the GDPR law?

Do you have a PrestaShop 1.7 store? Here are the 3 steps to install the GDPR module:

1) In the back office, go to the Modules > Modules & Services page

2) In the Selection section, use the search bar with the following word (depending on the language of the store):

  • EN: "GDPR"
  • FR: "RGPD"
  • ES: "RGPD"
  • DE: "DSGVO"
  • IT: "RGPD"
  • NL: "AVG"
  • PL: "GDPR"
  • PT: "RGPD"
  • RU: "GDPR"
  • All other languages: "GDPR"

WARNING: this exact term must be used; otherwise the module cannot be found in the list.

3) A module will appear: "Official GDPR compliance" or "Official RGPD" (FR). Click on Install, et voila!

How do I make my PrestaShop version 1.6 & 1.5 store compliant with the GDPR?

Do you have a store in PrestaShop 1.6 & 1.5? We have developed an official GDPR module specially for you, compatible with PrestaShop version 1.6 & 1.5. Installing this module on your store just takes a few clicks. See our Official GDPR Compliance by PrestaShop (1.6 & 1.7) Module compatible with PrestaShop version 1.6 & 1.7 on our PrestaShop Addons Marketplace.

What exactly is the use of this module?

The purpose of this module is to manage personal data collected by the PrestaShop software, by native modules and community modules installed on your store (only modules that are GDPR-compatible themselves).

It will bring you into compliance by respecting the following requirements:

  • Users' access rights to their personal data in their customer account
  • Users' right to data portability (a copy of their data in an exploitable CSV or PDF format)
  • Users' right to edit or delete their personal data, subject to seller approval
  • Users' right to give and withdraw their consent
  • E-sellers' obligation to maintain a log of processing activities (in particular for the access, consent, and erasure of personal data)

 

In brief, what is the GDPR?

The General Data Protection Regulation (GDPR) is the new benchmark European text on personal data protection.

As you know, on 25 May this new text on personal data protection will come into effect.

This text strengthens individuals’ rights and establishes new accountability rules, requiring stakeholders to implement all the necessary and appropriate measures to guarantee a suitable level of security for personal data processing.

 

Who is concerned by the GDPR and what data is concerned?

The GDPR will apply to all processing of personal data, whether it is automated or not. Data processing is defined as an operation or a series of operations that may or may not be performed using automated processes and applied to data or sets of personal data.

Given the extent of these notions and your e-commerce activity, it is highly likely that you process personal data.

Furthermore, the other criterion of the regulation pertains to processing personal data that has a geographical connection with the European Union. In concrete terms, the GDPR will apply when:

- The data controller or its processor has an establishment located in the European Union

- The data controller or its processor does not have an establishment located in the European Union but the persons whose data is processed are located in it.

In other words, whether or not you are located in the European Union, the regulation applies to most companies!

What do we really mean by ‘personal data’?

Personal data was already defined in the French 1978 ‘Data protection’ law as ‘any information relating to an individual identified, or who may be identified, either directly or indirectly, with reference to an identification number or several items of information specific to them’.

Personal data is any information relating to an individual that directly or indirectly identifies them. For example, if your customers can create an account on your PrestaShop store or if you gather their telephone numbers, you gather their personal data. IP addresses are also personal data and fall within the GDPR's scope of application.

I'm a PrestaShop contributor, what do I need to do?

Our GDPR module is also useful for module developers to update their module and come into compliance with the GDPR. You will find all the explanations you need in our blog article addressed to developers.

 

IMPORTANT

The purpose of these features is to help you be compliant.

Installing them alone in no way guarantees merchant sites’ compliance with the new obligations imposed by the GDPR.

It is your responsibility to put in place all the necessary measures to ensure you comply.

 

 
