E-Commerce platforms like OpenCart make it easier than ever to start and grow your own business online, no matter where you or your customers are located.
The only significant detail is that different countries have different rules and laws you need to comply with if you want to do business with them.
The latest example of that is GDPR - the General Data Protection Regulation. The purpose of the new regulation is to give more control to EU citizens over their private data.
And it comes into effect this Friday, May 25th, 2018.
What’s GDPR All About?
Citizens of the European Union must have more information about the way their data is gathered, processed and shared, and more power over what happens with that data.
This means that all OpenCart merchants who are selling products to citizens of the EU and gathering their data need to know the main practices that ensure that data is secure and handled within the regulations.
The main impact of GDPR will affect the way businesses (big or small) handle the personal data of their users and customers.
So, let’s say your store is located in Canada, but you’re working with citizens of the EU. Even if you’re collecting their emails and nothing else, this is still personal information.
You still need to be fully compliant with GDPR to continue doing it without breaking the regulation and exposing yourself to fines.
If your store has any relations to the data of a European citizen, adopting the new GDPR guidelines should be a maximum priority, due to the heavy fines that are related to the regulation.
They are imposed by international law:
The penalties start from up to €10 million, or 2% of your annual revenue of the prior financial year.
They go up to €20 million or 4% of your annual revenue of the prior financial year.
In both cases, the penalty is whichever of the two amounts is higher.
This amount can be devastating for a business and can potentially cause it to shut down, so basically, GDPR compliance is not just an option. It’s a must.
GDPR Compliance Requirements
There are a few steps necessary for making your OpenCart website GDPR compliant.
Communicate the information in a clear way
Complete transparency about your data gathering, processing and sharing practices
Concise and brief
Free of charge
Let’s view an example.
The moment you enter the official Nike website, you immediately get notified about cookie consent, where you have two options.
When you click on More Information, you get details about your cookies, how and why they are used.
The best part is that you have two options to select from if you have any preferences.
All the important parts are bolded and there’s strong emphasis on what’s most important for the data gathering, processing and sharing.
The type of personal data you’re gathering (email address, name, address, phone number, credit/debit card information, etc)
Why you need it and how you collect it
How you will use it
What security measures you take to protect your users’ private data
The third-party services that have access to your users’ data, and why
Finally, let users know how they control their private information
Additional important details:
Name of the data controller (Your business or brand name)
Contact information of the data controller (Your email address or phone number)
Do you do customer profiling using the personal data?
Do you transfer customers’ data to third-party services or internationally?
Inform the customer of their rights over their personal data collected by your business
Getting User Consent
Before getting the user’s consent, you cannot collect any type of personal information.
The way this is done is by using privacy notices.
A privacy notice is a notification to visitors that tells them about the type of information your website is collecting.
For example, a Cookie Consent Bar, like the one in the new GDPR Compliance extension for OpenCart.
How to Make Your OpenCart Shop GDPR Compliant
Give the Control to Your Users
There should be a link to the GDPR toolset your customers can use to specify their personal data preferences.
With GDPR Compliance, you have a field in the Settings that lets you show a link to the user controls in the footer of your OpenCart website.
When you’re done with that step, you need to make sure your visitors have agreed before you gather any personal data about them, which brings us to the next step.
Enable the Cookie Consent bar. You have the controls you need to customize it and adapt the bar to the design and color scheme of your OpenCart website.
Describe the types of cookies you use in your OpenCart store. You can use a service like EditThisCookie to get information about your cookies.
This lets you see which visitors accepted your policy in the Policy Acceptance tab of the GDPR Compliance extension.
An important part of GDPR compliance is to describe the third-party services that have access to your visitors’ personal data.
Specify the names of the services in the Third-Party tab in the GDPR Compliance extension.
There are two fields. One is for services you use to track, analyze and enhance the customer experience on your website. For example, Facebook Pixel, Google Analytics, etc.
The other is for services that are internal for your website, but still gather data. For example, ERP Integrations.
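As an added example (not code from the OpenCart GDPR Compliance extension), the following JavaScript shows the two checks the consent and third-party steps above imply: loading third-party tags only for the categories a visitor has consented to, and auditing the cookies actually set in the browser against the cookie list you described. The cookie names, the service categories and the gdpr_consent cookie format are assumptions made for illustration.

```javascript
// Added example, not part of the OpenCart extension; cookie names, categories
// and the gdpr_consent format are constructed for illustration.
// Cookies the store has described, keyed by the consent category they need;
// "necessary" cookies (session, currency, language) need no consent.
const COOKIE_REGISTRY = {
  OCSESSID: "necessary", currency: "necessary", language: "necessary",
  gdpr_consent: "necessary",
  _ga: "analytics", _gid: "analytics",   // Google Analytics
  _fbp: "marketing",                     // Facebook Pixel
};
// Third-party services declared in the store and the category they fall under.
const SERVICES = [
  { name: "Google Analytics", category: "analytics" },
  { name: "Facebook Pixel", category: "marketing" },
  { name: "ERP integration", category: "necessary" },
];
// Parse a Cookie header or document.cookie string into a name -> value map.
function parseCookies(cookieString) {
  const out = {};
  for (const part of cookieString.split(";")) {
    const idx = part.indexOf("=");
    if (idx === -1) continue;
    const name = part.slice(0, idx).trim();
    if (name) out[name] = part.slice(idx + 1).trim();
  }
  return out;
}
// Consent the bar recorded, e.g. gdpr_consent=analytics,marketing;
// no cookie means the visitor has not consented to anything yet.
function readConsent(cookieString) {
  const raw = parseCookies(cookieString).gdpr_consent;
  return new Set(raw ? raw.split(",").filter(Boolean) : []);
}
// Services whose tags may be loaded for this visitor; gate tracker scripts on this.
function allowedServices(cookieString, services = SERVICES) {
  const consent = readConsent(cookieString);
  return services.filter(s => s.category === "necessary" || consent.has(s.category))
    .map(s => s.name);
}
// Audit the cookies actually present: ones set without the matching consent
// (a tracker fired before the visitor agreed) and ones you never described.
function auditCookies(cookieString) {
  const consent = readConsent(cookieString);
  const unconsented = [], undescribed = [];
  for (const name of Object.keys(parseCookies(cookieString))) {
    const category = COOKIE_REGISTRY[name];
    if (category === undefined) undescribed.push(name);
    else if (category !== "necessary" && !consent.has(category)) unconsented.push(name);
  }
  return { unconsented, undescribed };
}
```

Run auditCookies(document.cookie) in the storefront after the consent bar has been dismissed without acceptance; any name in unconsented is a tracker that fired before consent, and any name in undescribed is a cookie missing from the list you wrote in the extension.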
There are just a few days left until the General Data Protection Regulation comes into full effect. Do your best to prepare your OpenCart store for it if you do any business with customers from the European Union.