Today we’ll tell you (a) what GDPR means to us and (b) what you should assess in Magento for not to get fined.
What does GDPR mean to Amasty?
Amasty is a law-abiding company that fully meets the requirements of personal data protection. We’ll continue taking care of our customers’ personal data safety and security.
We commit to fully comply with new legislative requirements and therefore, are making all the changes requested by the law.
To date, we’ve:
- run an email campaign in which we informed our EU users about the need for the repeat subscription
- made a number of minor changes on our official website
- added ‘consent checkboxes’ and ‘remove/anonymize settings’ to all our extensions related to customers’ data collection.
What should you know about Magento 2 and GDPR?
According to GDPR, a Magento site owner, as well as any EU-level company, can only process personal data under certain conditions where the processing data should be:
(1) transparent for site users
(2) dedicated to a legitimate purpose and
(3) limited in time required for the purpose fulfillment.
freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Within the EU’s General Data Protection Regulation, you need to:
(1) determine your role (data controller; data processor)
(2) provide your site users with transparent information about the personal data collection
(3) give the personal data being processed on the user’s request
(4) delete the personal data from the site database on the user’s request or when it’s no longer required for the processing purpose
(5) respect the user’s right to correct and object to the incorrect personal data.
Thus, demonstrating your Magento 2 store compliance with GDPR and keeping records are the top-priority tasks for not to get fined.
Why should you assess Magento extensions connected with your account?
Magento called for reviewing areas of your business services related to data processing. Why?
As all Magento Marketplace extensions are developed by 3rd parties, they may store personal data in other locations than the Magento core. And the data can be further sent to external services.
Thus, some 3d-party extensions (like Customer Attributes by Amasty) can store your users’ private data. And in case you collect data from individuals in the EU, you need to:
(2) remove/anonymize the information on the request of an EU individual.