OpenCart GDPR Compliance: Privacy Policy Updates for E-Commerce Merchants

OpenCart merchants need to know that the main point of the General Data Protection Regulation (GDPR) is protecting their customers’ personal data and digital privacy.

Of course, this requires you to make some changes to the Privacy Policy in your OpenCart store.

Get GDPR Compliance

Let’s explain all you need to know about updating your Privacy Policy, displaying correct notices on your website and how to get users to accept your new GDPR compliant terms.

When Does GDPR take Effect

The new EU legal framework takes full effect on May 25, 2018.

Its purpose is to unify the current data protection laws throughout the countries in the European Union and give more power to EU citizens to protect their personal information.

Does the GDPR Apply to You?

Absolutely yes, if you’re any kind of business offering products or services to citizens of the European Union.

Since selling to those citizens requires gathering their personal information, you need to be GDPR compliant and update your privacy policy and use the new data collection & management practices.

So, no matter where your business is located, if your OpenCart store has an audience that includes citizens from the EU, GDPR definitely applies to you. Take action.

Even if the only thing you’re doing is collecting email addresses of EU citizens and you’re located in Canada for example, you still need to be GDPR compliant.

GDPR Data Collection & Processing Requirements

One of the main requirements of the GDPR for your Privacy Policy is the clear way you communicate the information to your users.

Customers need to know about the way you’re gathering and processing their data in a way that is:

  • Fully transparent

  • Concise and brief

  • Intelligible

  • Easily accessible

  • In clear and easy-to-understand wording

  • Free of charge

This means that users should easily understand your privacy policy and how you intend to gather and process their information and what kind of control they will have over it.

This includes privacy notices in your website.

GDPR Compliance and Consent

You’re now required to disclose more information in your Privacy Policy than before. More information about how you’re gathering and processing user data in a more clear, transparent and brief way.

Privacy Policy

You need an informative and detailed, yet reader-friendly policy that is in compliance with the GDPR requirements. It needs to include:

  • The type of personal information you collect

  • Why do you collect it and how

  • How you intend to use it

  • How you make sure it’s secure

  • The third-party services that have access it

  • Whether you use cookies

  • How users can control their data and the way you use it

The privacy policy should no longer be the well known long, hard to read and intimidating legal document. The purpose if the GDPR is to eliminate that and make everything easier.

Important details to include in your Privacy Policy

  • Data controller (your business/brand name)

  • Contact information of the data controller (your business address, email address, phone number)

  • Do you use data for profiling

  • Inform users of their rights

  • Do you transfer their data internationally and to third-party services (name them and their contact details)

Getting Consent

Now that your Privacy Policy is updated and GDPR compliant, you need to meet the new requirements for consent.

Getting consent from your users happens before you collect any personal information (like email address, name, payment information, etc).

This is best done with a checkbox where users can select whether they agree to your Privacy Policy, Terms of Service, etc. This should also include a link to your policies.

Privacy Notices

A privacy notice is a brief notification that is directly related to the type of information you’re collecting.

For example, a question mark next to an email address field pointing out why you’re collecting that piece of information (and maybe a link to your policy).

This notice is presented right at the point of creating an account and a link to your Privacy Policy is a clear and simple way for them to get informed about your data collection and processing intentions.


First, make your Privacy Policy brief, easy to read and understand. Include the additional GDPR required information, make sure you get user consent and use privacy notices where you ask for that consent.

Get GDPR Compliance

Join 11,000+ subscribers receiving actionable E-commerce advice

* Unsubscribe any time

Trending blogs

comments powered by Disqus