OpenCart GDPR Compliance: Privacy Policy Updates for E-Commerce Merchants
OpenCart merchants need to know that the main point of the General Data Protection Regulation (GDPR) is protecting their customers’ personal data and digital privacy.
Of course, this requires you to make some changes to the Privacy Policy in your OpenCart store.
Let’s explain all you need to know about updating your Privacy Policy, displaying correct notices on your website and how to get users to accept your new GDPR compliant terms.
When Does GDPR Take Effect?
The new EU legal framework takes full effect on May 25, 2018.
Its purpose is to unify the current data protection laws throughout the countries in the European Union and give more power to EU citizens to protect their personal information.
Does the GDPR Apply to You?
Absolutely yes, if you’re any kind of business offering products or services to citizens of the European Union.
Since selling to those citizens requires gathering their personal information, you need to be GDPR compliant: update your privacy policy and adopt the new data collection and management practices.
So, no matter where your business is located, if your OpenCart store has an audience that includes citizens from the EU, GDPR definitely applies to you. Take action.
Even if the only thing you’re doing is collecting email addresses of EU citizens and you’re located in Canada for example, you still need to be GDPR compliant.
GDPR Data Collection & Processing Requirements
One of the main GDPR requirements for your Privacy Policy concerns how clearly you communicate information to your users.
Customers need to be told how you gather and process their data in a way that is:
- Fully transparent
- Concise and brief
- Intelligible
- Easily accessible
- In clear and easy-to-understand wording
- Free of charge
This means that users should easily understand your privacy policy, how you intend to gather and process their information, and what kind of control they will have over it.
This includes privacy notices on your website.
GDPR Compliance and Consent
You’re now required to disclose more information in your Privacy Policy than before, and to explain how you gather and process user data in a clearer, more transparent and more concise way.
Privacy Policy
You need an informative and detailed, yet reader-friendly, policy that complies with the GDPR requirements. It needs to include:
- The type of personal information you collect
- Why and how you collect it
- How you intend to use it
- How you make sure it’s secure
- The third-party services that have access to it
- Whether you use cookies
- How users can control their data and the way you use it
The privacy policy should no longer be the well-known long, hard-to-read and intimidating legal document. The purpose of the GDPR is to eliminate that and make everything easier.
Important details to include in your Privacy Policy
- Data controller (your business/brand name)
- Contact information of the data controller (your business address, email address, phone number)
- Whether you use data for profiling
- Information about users’ rights
- Whether you transfer their data internationally or to third-party services (name them and give their contact details)
Getting Consent
Now that your Privacy Policy is updated and GDPR compliant, you need to meet the new requirements for consent.
Consent from your users must be obtained before you collect any personal information (such as email address, name, payment information, etc.).
This is best done with a checkbox where users confirm that they agree to your Privacy Policy, Terms of Service, etc. It should also include a link to your policies.
Privacy Notices
A privacy notice is a brief notification directly related to the type of information you’re collecting.
For example, a question mark next to an email address field can explain why you’re collecting that piece of information (and perhaps link to your policy).
This notice is presented right at the point of creating an account, and together with a link to your Privacy Policy it is a clear and simple way for users to learn about your data collection and processing intentions.
Summary
First, make your Privacy Policy brief, easy to read and easy to understand. Include the additional information the GDPR requires, make sure you get user consent, and use privacy notices at the points where you ask for that consent.