How to Prepare Your OpenCart Website for GDPR (General Data Protection Regulation)

E-Commerce platforms like OpenCart make it easier than ever to start and grow your own business online, no matter where you or your customers are located.

The only significant detail is that different countries have different rules and laws you need to comply with if you want to do business with them.

The latest example of that is GDPR - the General Data Protection Regulation. The purpose of the new regulation is to give more control to EU citizens over their private data.

And it comes into effect this Friday, May 25th, 2018.

What’s GDPR All About

Citizens of the European Union must have more information about the way their data is gathered, processed and shared, and more power over what happens with that data.

This means that all OpenCart merchants who are selling products to citizens of the EU and gathering their data need to know the main practices that ensure that data is secure and handled within the regulations.

The main impact of GDPR will affect the way businesses (big or small) handle the personal data of their users and customers.

So, let’s say your store is located in Canada, but you’re working with citizens of the EU. Even if you’re collecting their emails and nothing else, this is still personal information.

You still need to be fully compliant with GDPR to continue doing it without breaking the regulation and exposing yourself to the fines.

GDPR Penalties

If your store has any relation to the data of a European citizen, adopting the new GDPR guidelines should be a top priority, due to the heavy fines that are related to the regulation.

They are imposed by international law:

The penalties start at up to 10 million, or 2% of your annual revenue of the prior financial year.

They go up to 20 million or 4% of your annual revenue of the prior financial year.

In both cases, the penalty is whichever number is bigger.

This amount can be devastating for a business and can potentially cause it to shut down, so basically, GDPR compliance is not just an option. It’s a must.

GDPR Compliance Requirements

There are a few steps necessary for making your OpenCart website GDPR compliant.

Privacy Policy Updates

You can start by reworking your privacy policy. GDPR will be on the watch for the following requirements that must be a part of your policy:

  • Communicate the information in a clear way

  • Complete transparency about your data gathering, processing and sharing practices

  • Concise and brief

  • Easily accessible

  • Easy-to-understand wording

  • Free of charge

This is strictly about the way in which you need to write and structure your privacy policy.

Let’s view an example.

The moment you enter the official Nike website, you immediately get notified about cookie consent, where you have two options.

You can learn more information, accept, or view their Privacy & Cookie Policy.

When you click on More Information, you get details about your cookies, how and why they are used.

The best thing here is that you have two options to select from if you have any preferences.

A good example of an improved and compliant privacy policy is the one on their website.

All the important parts are bolded and there’s strong emphasis on what’s most important for the data gathering, processing and sharing.

Your new Privacy Policy must include the following:

  • The type of personal data you’re gathering (email address, name, address, phone number, credit/debit card information, etc.)

  • Why you need it and how you collect it

  • How you will use it

  • What security measures you take for your users’ private data

  • List the third-party services that have access to your users’ data and why

  • Note whether you use cookies and how

  • Finally, let users know how they control their private information

Additional important details:

  • Name of the data controller (Your business or brand name)

  • Contact information of the data controller (Your email address or phone number)

  • Do you do customer profiling using the personal data?

  • Do you transfer customers’ data to third-party services or internationally?

  • Inform the customer of their rights over their personal data collected by your business

Getting User Consent

You need to get definite and clear confirmation from users that they agree to your Privacy and Cookie Policy in order to apply it to them.

Before getting that consent, you cannot collect ANY type of personal information.

The way this is done is by using privacy notices.

A privacy notice is a notification to visitors that tells them about the type of information your website is collecting.

For example, a Cookie Consent Bar, like the one in the new GDPR Compliance extension for OpenCart.

How to Make Your OpenCart Shop GDPR Compliant

Start by installing the GDPR Compliance extension available now on the OpenCart Marketplace. The module is compatible with OpenCart 1.5.4.x - 3.x.

Give the Control to Your Users

There should be a link to the GDPR toolset your customers can use to specify their personal data preferences.

With GDPR Compliance, you have a field in the Settings that lets you show a link to the user’s controls in the footer of your OpenCart website.

Update Your Privacy Policy

Using the guidelines we listed above, rework your Privacy Policy so it’s GDPR compliant.

For instance, you can use a source like the Terms Feed Privacy Policy Generator.

Update your policy via Catalog > Information > Privacy Policy.

When you’re done with that step, you need to make sure your visitors have agreed to it before you gather any personal data about them. Which brings us to the next step...

Cookie Consent

Enable the Cookie Consent bar. You have the controls you need to customize it and adapt the bar to the design and color scheme of your OpenCart website.

Inside, you can modify the Cookie Consent bar’s content and button, as well as the link to the Privacy Policy.


Describe the types of cookies you use in your OpenCart store. You can use a service like EditThisCookie to get information about your cookies.

Check whether the GDPR Compliance cookies match your cookies. If you use any additional ones, describe them in the extension. You can place the bar at different positions and enable or disable the click tracking for Privacy Policy Acceptances.

This allows you to gather data about the visitors who accepted your policy in the Policy Acceptance tab of the GDPR Compliance extension.

Third-Party Services

An important part of GDPR Compliance is to describe the third-party services that have access to your visitors’ personal data.

Specify the names of the services in the Third-Party tab in the GDPR Compliance extension.

There are two fields. One is for services you use to track, analyze and enhance the customer experience on your website. For example, Facebook Pixel, Google Analytics, etc.

The other is for services that are internal to your website, but still gather data. For example, ERP Integrations.

Important: All the third-party services on your OpenCart website that have access to your customers’ data must be mentioned in your Privacy Policy together with their contact information.


There are just a few days left until the General Data Protection Regulation comes into full effect. Do your best to prepare your OpenCart store for it if you have any business with customers from the European Union.
