Getting compliant with EU General Data Protection Regulation (GDPR)
page last edited on 11 July 2018
Since the amended General Data Protection Regulation, commonly known as GDPR, came into force on 28 May 2018, website owners in Europe and outside it have been forced to seek ways to comply with the new regulations on processing the EU residents’ personal data (collecting emails, monitoring site visitors behavior by IP, etc).
Before you start any changes in your online store, we advise that you should contact competent authorities. They can help with the audit and will also provide you with the list of the necessary changes that your business needs.
All X-Cart 5 editions (Business, Multivendor and Ultimate) are GDPR-friendly via a special GDPR addon.
- Installing and configuring GDPR module
- GDPR Module: Admin Experience
- GDPR Module: Customer Experience
Installing and configuring GDPR module
To make your X-Cart 5 based website compliant with the EU legislation on GDPR, install and enable the GDPR module as described in Installing addons from the Marketplace.
Once installed proceed to the module settings page to configure it.
You’ll see a screen of the kind where it will be possible to enable displaying a cookie pop-up and edit the list of countries the cookie pop-up is displayed for.
You’ll need the Geolocation Module to be able to limit the cookie pop-up to be shown for customers from particular countries only.
The default Privacy statement page can be located in the Content -> Pages section of your store admin area.
To edit the page content click on the page name. You’ll see the Privacy statement edit page
Don’t forget to save the changes when you are done.
GDPR Module: Admin Experience
The addon tracks all the activities related to processing your store customers’ personal data and keeps their records in the store back-end on a special GDPR activities page (Store setup -> GDPR activities).
This page gathers info on all store accounts and 3d party services used in the store that have access to the store customers’ personal data. The list of the activities contains the information about the addons, users, payment and shipping methods which have access and have used the personal data.
GDPR Module: Customer Experience
The first thing your store customers will come across with will be a cookie pop-up if it’s enabled in the GDPR module settings. The addon settings allow disabling the cookie pop-up at all as well or showing it only for customers from particular countries only.
If preferred a store admin can change the cookie pop-up content using the Webmaster Mode.
For this purpose it will be necessary to:
- Open the storefront while logged in as a store admin
Hit the Gear icon in the bottom left corner and activate Labels editor (make sure the Highlight labels option is switched to ON). You’ll see the pop-up text highlighted.
Click on the text you want to change and enter the new label value in a pop-up.
- Save the changes
The next thing your store customers and visitors will have to deal with will be the customer consent checkboxes on checkout page, on the registration page and on the contact us page.
Registered customers will need to tick the checkbox only once and anonymous users will have to confirm their consent every time they place an order or submit a request in the Contact Us form.
The text of the consent checkboxes can also be editer in the Webmaster mode the same way as described above for the cookie pop-up.
Also there is a link in customers’ area that allows deleting customers profiles. Profile deletion removes the data stored in the profile and communication with the store owner and sellers.
If anonymous customers want to remove their personal data, they can request it using a Contact Us form on your website.
Help make this document better
This guide, as well as the rest of our docs, are open-source and available on GitHub.