Magento Commerce, 2.2.x

GDPR Compliance

The General Data Protection Regulation (GDPR) is legislation that regulates data protection and privacy for all individuals in the European Union and the European Economic Area. The legislation also applies to the export of personal data outside the EU. The GDPR was adopted in April 2016 and became enforceable on 25 May, 2018. Businesses that are not based in the EU but engage in global commerce are required to comply with the regulation.

All organizations that process personal data must disclose the following:

  • The type of data that is collected
  • The purpose for collecting the data
  • The method that is used to collect the data
  • How long the data is retained
  • Whether or not the data is shared with others

Examine the current privacy policies for all of your Magento stores to ensure that they align with GDPR requirements. Update your Google Analytics settings to ensure that its use of personal data follows GDPR requirements. Maintain transparency, and keep thorough documentation.

Visit the Magento website to learn how Magento helps merchants prepare for GDPR compliance. For developers in need of technical information, including data flow diagrams and mapping, see: Magento 2.2 GDPR compliance.