Since the amended General Data Protection Regulation, commonly known as GDPR, came into force on 28 May 2018, website owners in Europe and outside it have been forced to seek ways to comply with the new regulations on processing the EU residents’ personal data (collecting emails, monitoring site visitors behavior by IP, etc).

Before you start any changes in your online store, we advise that you should contact competent authorities. They can help with the audit and will also provide you with the list of the necessary changes that your business needs.

All X-Cart 5 editions (Business, Multivendor and Ultimate) are GDPR-friendly via a special GDPR addon.

Installing and Configuring the GDPR Addon

To make your X-Cart 5 based website compliant with the EU legislation on GDPR, install and enable the GDPR addon as described in Installing Addons from the X-Cart App Store.

Once installed proceed to the addon settings page to configure it. 541-gdpr-installed.png

You’ll see a screen of the kind where it will be possible to enable displaying a cookie pop-up and edit the list of countries the cookie pop-up is displayed for. 541-settings-page.png

You’ll need the Geolocation addon to be able to limit the cookie pop-up to be shown for customers from particular countries only.

Also you will need to add a decent Privacy policy that will describe the policy of your store in regards to collecting customers’ personal data and make sure your website visitors know where to find it. You can use a default “Privacy Statement” page that is added by the GDPR addon or include this info as a part of the Terms and conditions page. It’s up to you to decide what suits your business better.

The default “Privacy statement” page can be located in the Content -> Pages section of your store Admin area. 541-pages-privacy-policy.png

To edit the page content

  • Click on the page name to see the “Privacy statement” edit page: privacy-statement-1.png

  • Locate the text in the Content field and edit it.

    Generally, it is necessary to replace the values in yellow with the corresponding information about your company. If preferred, you can replace the default text completely with of your company Privacy policy instead.

    The rest of the changes can be done the same way as described in Adding pages to your store.

  • Save changes when you are done.

GDPR Addon: Admin Experience

The addon tracks all the activities related to processing your store customers’ personal data and keeps their records in the store back-end on a special GDPR activities page (Store setup -> GDPR activities). 541-gdpr-activities.png

This page gathers info on all store accounts and 3d party services used in the store that have access to the store customers’ personal data. The list of the activities contains the information about the addons, users, payment and shipping methods which have access and have used the personal data.

GDPR Addon: Customer Experience

The first thing your store customers will come across with will be a cookie pop-up if it’s enabled in the GDPR addon settings. The addon settings allow disabling the cookie pop-up at all as well or showing it only for customers from particular countries only. 541-storefront-home.png

If preferred a store admin can change the cookie pop-up content using Labels Editor. 541-labels-editor.png

The next thing your store customers and visitors will have to deal with will be the customer consent checkboxes on checkout page, on the registration page and on the contact us page.

Registered customers will need to tick the checkbox only once and anonymous users will have to confirm their consent every time they place an order or submit a request in the Contact Us form.

Checkout page541-secure-checkout.png
Registration page541-sign-up.png
Contact us page541-cintact-us-page.png

The text of the consent checkboxes can also be editer using Labels Editor the same way as described above for the cookie pop-up.

Also there is a link in customers’ area that allows deleting a profile. Profile deletion removes the data stored in a profile and the communication with the store owner and sellers. 541-customer-profile.png

If anonymous customers want to remove their personal data, they can request it using a Contact Us form on your website.