As of May 25th 2018 the European Data Protection Regulation (GDPR) will be applicable in all member states in order to harmonize data privacy acts across Europe. As all of you know, this Regulation (EU) 2016/679 (General Data Protection Regulation) is a package every European company has to face (with only a few exceptions). And of course – you already guessed it – you as Online merchants are affected.
That’s why we put our heads together with the lawyers of RESMEDIA and came up with the following solution for you guys. Additionally, we initiated an extraordinary release OXID eShop 6.0.2 (antedating from the regular schedule at the end of April) in order to give you a proper amount of time to make the necessary alterations to your shop installations.
To enable your OXID eShop 6 installations for GDPR compliancy, we implemented the following features into the core:
You, as a shop administrator, can decide whether you want to allow a user the deletion of his own account or not.
Additionally we deliver a module for your user’s acceptance to store certain data via check boxes in the storefront:
- for storing delivery addresses,
- for storing contact form data (delete or keep for statistical reasons),
- for storing registration data,
- for storing product recommendations.
And what about the OXID eShop versions 4.10.x and 5.3.x? Of course, we will also provide a GDPR compliance solution for these versions in a few days but there’s a little different implementation: the part that was built in the core for OXID eShop 6 will be released as a module for versions 4.10.x and 5.3.x. You may find the modules here at GitHub:
- GDPR base module (already implemented as core change in OXID eShop compilation 6.0.2)
- GDPR opt in module.
If you use a custom template, please think of adapting the according template changes that can be found inside the modules.
Relying on only these changes doesn’t make you safe: we strongly advise to get deeper in all aspects of this regulation. In case of doubts, please contact your lawyer.
Please note that still changes can happen within the next time as there is no practical case yet. We have the assumption that there soon court decisions might come up, and some points of the GDPR will become more specific.
In case of any questions, please feel free to comment on this blog post in our accompanying forum thread.