The General Data Protection Regulation (GDPR) is legislation that controls data protection and privacy for all individuals in the European Union, and also covers the export of personal data outside the EU. The GDPR was adopted in April 2016, and became enforceable on 25 May 2018. Businesses that are not based in the EU but engage in global commerce must also comply with the regulation.
All organizations that process personal data must disclose the following:
- The type of data that is collected
- The purpose for collecting the data
- The method that is used to collect the data
- How long the data is retained
- Whether or not the information is shared with others
Examine the current privacy policies for all of your Magento stores to ensure that they align with GDPR requirements. Maintain transparency, and keep thorough documentation.
Visit the Magento website to learn how Magento helps merchants address GDPR compliance. For developers in need of technical information, including data flow diagrams and mapping, see: Magento 2.1 GDPR compliance.