European Commission had proposed GDPR (General Data Protection Regulation) to strengthen and unify data protection for individuals within the European Union (EU) while addressing the export of personal data outside the EU. Every member state of the European Union has to implement GDPR requirements because their aim is to create more consistent protection of consumer and personal data across EU nations.

There are some important factors related to privacy and data protection which are required in GDPR

• For data processing you require consent of subjects.
• Anonymizing collected data to protect privacy
• To Provide data breach notifications
• To secure data transfer across the borders.
• Certain companies need to appoint a data protection officer to oversee GDPR Compliance.

To put it in simple words, EU Citizens’ data will have protected processing and also it will secure the movements of citizens’ personal data as the GDPR mandates a baseline set of standards for companies.

WHO IS SUBJECT TO GDPR COMPLIANCE?

GDPR compliance is to impose a uniform data security law on all EU members, so that each member state no longer needs to write its own data protection laws which should be are consistent across the entire EU.

Along with EU members if any company that markets goods or services to EU residents, regardless of its location is subject to the regulation. Therefore, GDPR will have an impact on data protection requirements globally.

What types of privacy data does the GDPR protect?

• Identity information such as name, address and ID numbers,
• Web data such as location, IP address, cookie data and RFID tags
• Health and genetic data
• Biometric data
• Racial or ethnic data
• Political opinions
• Sexual orientation

When do companies need to be in compliance?

By May 25, 2018 Companies must be able to show compliance.

What does the GDPR mean for my website?

• You need to obtain prior consent from the visitor if your website is serving individuals from the EU and you – or embedded third party services like Google and Facebook – are processing any kind of personal data.
• Prior to processing any personal date you first need to obtain valid consent, you need to describe the extent and purpose of your data processing in plain language to the visitor.
• This information must be available to the visitor at all times, e.g. as part of your privacy policy. You must also make available an easy way for the visitor to change or withdraw consent.
• You must document cookies and online tracking details so that you will be able to show that documentation to both your users and the EU which is one of the GDPRs requirements.
• All consent must be logged as a proof and all tracking of personal data as well should be embedded by third party service must be documented and also hereunder to countries data which is being transmitted.

Solution:

We’ve developed a Magento extension which will help you with GDPR.