{"id":14150,"date":"2018-05-03T11:20:12","date_gmt":"2018-05-03T08:20:12","guid":{"rendered":"https:\/\/www.x-cart.com\/?p=14150"},"modified":"2023-09-12T09:23:24","modified_gmt":"2023-09-12T06:23:24","slug":"gdpr-is-almost-here-impacting-online-stores-in-eu-and-outside-x-cart-is-ready","status":"publish","type":"post","link":"https:\/\/www.x-cart.com\/blog\/gdpr.html","title":{"rendered":"GDPR: What Is It and How It May Impact Ecommerce Stores in EU and Outside"},"content":{"rendered":"\n<p>The&nbsp;<a href=\"https:\/\/gdpr-info.eu\/\" target=\"_blank\">EU General Data Protection Regulation<\/a>&nbsp;(GDPR), with its complicated requirements, expensive implementation and huge fines for non-compliance, has thrown many eCommerce businesses into panic since it was announced.<\/p>\n\n\n\n<p>This new EU regulation will impact businesses not only in the EU but also those outside it, if they process EU residents\u2019 personal data (collect emails, monitor site visitors\u2019 behavior by IP, etc). And wherever your business is, the EU authorities will find ways to punish you for GDPR non-compliance.<\/p>\n\n\n\n<p>Starting from&nbsp;<strong>May 25, 2018<\/strong>, the GDPR may affect how processors and controllers collect, use, store and maintain the personal data of EU citizens. However, many businesses are not ready yet.<\/p>\n\n\n\n<p>According to&nbsp;<a href=\"https:\/\/www.mailjet.com\/blog\/guide\/gdpr-research-report\/\" target=\"_blank\">Mailjet\u2019s study<\/a>, only one in four businesses is GDPR-compliant, while the&nbsp;<a href=\"https:\/\/erwin.com\/news\/new-study-reveals-6-enterprises-prepared-gdpr\/\" target=\"_blank\">research by Erwin<\/a>&nbsp;has revealed that only 6% of US enterprises are ready for the new GDPR requirements.<\/p>\n\n\n\n<p>Are you also among those who ignore the GDPR requirements?<\/p>\n\n\n\n<p>Well, you may have strong reasons for it. 
But let\u2019s take a closer look at this EU regulation to understand what it is, how it applies to eCommerce businesses and what changes you need to implement to avoid fines.<\/p>\n\n\n<h2>\n            What is GDPR?    <\/h2>\n\n\n\n<p>The aim of the General Data Protection Regulation is to protect the personal data of EU citizens and make sure that online stores, cloud services and other companies with an internet presence treat this data carefully and don\u2019t abuse it. These organizations should process the data lawfully and use it only for the purposes it was collected for.<\/p>\n\n\n\n<p>So, it\u2019s not only about your&nbsp;<a href=\"https:\/\/www.x-cart.com\/blog\/ecommerce-site-security.html\" target=\"_blank\">online store security<\/a>&nbsp;in general, but mainly about the ways you process your buyers\u2019 data.<\/p>\n\n\n\n<div class=\"p-post__t-emph\">\n<p><strong>Processing<\/strong>&nbsp;means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.<\/p>\n<\/div>\n\n\n\n<p>According to the regulation, personal data processing in the online store can take place only if:<\/p>\n\n\n\n<ol class=\"ol-numbers wp-block-list\"><li>a buyer has given explicit consent to have his\/her personal data processed and knows that the processor needs this data to sell a product or render a service to the buyer.<br>For example, the buyer\u2019s credit card number is necessary to accept the payment, the buyer\u2019s address \u2013 to ship the order correctly, cookie identifiers \u2013 to deliver a more personalized experience, monitoring the buyer\u2019s behavior \u2013 to offer more relevant products using AI technologies, etc.<\/li><li>the data 
processing is required by law.<\/li><\/ol>\n\n\n<h2>\n            Whom Does GDPR Affect?    <\/h2>\n\n\n\n<p>Geographically, this regulation applies to businesses both inside and outside the EU&nbsp;<strong>if they process personal data of the buyers \u201cwho are in the Union\u201d<\/strong>&nbsp;(as per Article 3).<\/p>\n\n\n\n<p>This means that while EU citizens are not in the Union, the GDPR doesn\u2019t apply to the processing of their data. But while they are, every processor and controller from the EU, the USA, China or any other country should process their data in a GDPR-compliant manner.<\/p>\n\n\n\n<div class=\"p-post__t-emph\">\n<p><strong>Controller<\/strong>&nbsp;is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.<\/p>\n\n\n\n<p><strong>Processor<\/strong>&nbsp;means a natural or legal person, public authority, agency or another body which processes personal data on behalf of the controller.<\/p>\n<\/div>\n\n\n\n<p>eCommerce business owners can be both processors and controllers because no online order is possible without asking a customer at least for their name and contact info. The data they collect, store and use falls within the scope of the GDPR if it belongs to buyers in the EU.<\/p>\n\n\n\n<p>So, online merchants should follow the new rules unless they stop selling to EU customers (e.g. restrict checkout for buyers from the EU) and don\u2019t deal with their data at all. 
But this is hardly feasible and may result in a significant loss of revenue.<\/p>\n\n\n\n<p>That said, online merchants should get prepared for the GDPR:<\/p>\n\n\n\n<ul class=\"checklist darkblue wp-block-list\"><li>at least if they monitor user behavior on their website and online users who are in the EU are among the visitors;<\/li><li>and obviously if buyers in the EU can make an online purchase on their website.<\/li><\/ul>\n\n\n<h2>\n            GDPR Penalties and Fines    <\/h2>\n\n\n\n<p>Supervisory authorities in each Union state will oversee the application of the GDPR. Those who break the regulation will face huge fines and strict penalties. The size of the fines will depend on each individual case and can be up to 4% of annual global turnover or \u20ac20 million.<\/p>\n\n\n\n<p>A frequently asked question is&nbsp;<strong>\u201cHow will the Union punish countries outside the EU?\u201d<\/strong><\/p>\n\n\n\n<p>The answer is in&nbsp;<a href=\"https:\/\/gdpr-info.eu\/art-50-gdpr\/\" target=\"_blank\">Article 50<\/a>. They plan to develop international cooperation mechanisms with data protection supervisory authorities in other countries. So, they will punish non-compliant store owners with the help of the local authorities.<\/p>\n\n\n<h2>\n            What\u2019s New in GDPR for Your eCommerce Business?    <\/h2>\n\n\n\n<p>You might have noticed that the most powerful players like Google and Facebook have already built GDPR compliance into their processes, and most likely you\u2019ve started receiving GDPR-compliance notices from the services you use for your business. 
Time to prepare your online store for May 25th, 2018, too.<\/p>\n\n\n\n<p>The GDPR affects your whole eCommerce business, not only your website, as you\u2019ll have to implement corresponding changes in any department that touches or uses customer data.<\/p>\n\n\n<h3>\n            Any kind of processing of your customers\u2019 data requires their consent    <\/h3>\n\n\n\n<p>It\u2019s probably the most important change that comes with the GDPR. Before you start processing your buyers\u2019 data, you should first get their consent.<\/p>\n\n\n\n<p>Hmm\u2026 sounds familiar and looks very similar to accepting terms and conditions.<\/p>\n\n\n\n<p>Not really. If we look closely at&nbsp;<a href=\"https:\/\/gdpr-info.eu\/chapter-2\/\" target=\"_blank\">Chapter 2 (Principles)<\/a>&nbsp;of the GDPR we\u2019ll see that:<\/p>\n\n\n\n<p><strong>1) Giving consent should be an active action<\/strong><\/p>\n\n\n\n<p>No more pre-ticked boxes or opt-ins. In order to complete a purchase or finish the registration on your eCommerce website, a customer should tick the checkbox first to confirm that he allows you to process his data. Make sure they can easily find the terms of their data processing (e.g. via a link next to the \u201cI give my consent to processing of my personal data\u201d checkbox). For children, you should have the consent of their parents.<\/p>\n\n\n\n<p>Consent checkboxes should be on every page or popup where your buyer enters a new piece of personal data or where you\u2019re asking for data you already have but for a different purpose.<\/p>\n\n\n\n<p><strong>2) Terms of data processing should be clear and easy to understand<\/strong><\/p>\n\n\n\n<p>Use simple language to explain to them how you\u2019re going to use their data. 
Avoid legal and technical terms and long reads.<\/p>\n\n\n\n<p>The essential things you should let them know are:<\/p>\n\n\n\n<ul class=\"checklist darkblue wp-block-list\"><li>why you collect their personal data (email \u2013 to notify them about their order status, physical address \u2013 to ship their order, etc);<\/li><li>what data you\u2019re going to store and for how long (email address and order history \u2013 for your accounting, etc);<\/li><li>to whom you transfer the data and for what purposes (e.g. you can transfer billing address to the payment processor as they may require it to process the payment);<\/li><li>your company contact information (because you\u2019re the data processing controller) and your data protection officer contact information if you\u2019ve appointed one.<\/li><\/ul>\n\n\n\n<p>If one piece of data is to be used for multiple purposes (e.g. email \u2013 both for order fulfillment and sending promotional materials), make sure you tell your buyers about it, too.<\/p>\n\n\n\n<p>You can no longer force your store visitors to provide you with any personal data in exchange for rendering a service, i.e. it shouldn\u2019t be conditional. A good example of conditional data collection is asking for emails in exchange for downloading an eBook, with the purpose of using these emails for your marketing campaigns. In fact, you can still do it, but should clearly state why you are collecting the email and allow them to refuse its processing but still get the service.<\/p>\n\n\n\n<p>Finally, don\u2019t forget to remind them that they can withdraw their consent at any time.<\/p>\n\n\n\n<p><strong>3) Your eCommerce website visitors should have a choice about consenting and an easy way to withdraw their consent<\/strong><\/p>\n\n\n\n<p>Keep it easy for your buyers to cancel their permission for the processing of their data (e.g. 
a link in their personal account in your store, an easy way to contact you and request the withdrawal).<\/p>\n\n\n\n<p>For example, if you need their email not only for fulfilling their order but also for sending them your newsletters, make sure they can easily adjust their preferences to choose for what purposes you can use their email.<\/p>\n\n\n\n<p>Keep a record of how and when you got the buyer\u2019s consent, as well as of any request to withdraw it. You\u2019ll need this information for audits related to your buyers\u2019 data processing.<\/p>\n\n\n\n<p>Of course, if a buyer withdraws his consent, this action relates only to the future processing, not the data already processed.<\/p>\n\n\n<h3>\n            Buyers should be able to access their data and restrict its processing    <\/h3>\n\n\n\n<ol class=\"ol-numbers wp-block-list\"><li>According to the GDPR rules, your buyers and other website visitors have the right to&nbsp;<strong>obtain confirmation<\/strong>&nbsp;as to whether or not you process their personal data.<\/li><li>On top of that, if you do, they have the right to request&nbsp;<strong>what data you process, for what purposes and who can access it<\/strong>. You should provide them with a detailed report and also include in it the information that you\u2019ve gathered about them yourself from different sources. As for the data they personally gave you, they can request a report in a structured, commonly used and machine-readable format to be able to pass this file to other controllers.<\/li><li>If a buyer finds out that you\u2019ve got inaccurate data about him, you should&nbsp;<strong>correct it upon his\/her request<\/strong>.<br>Reports and rectifications are to be provided without undue delay and hindrance from you as a controller.<\/li><li>The data subject can&nbsp;<strong>restrict the data processing<\/strong>. The restriction means that you can keep storing the info, but no more than that. You can\u2019t use it. 
The reasons may vary \u2013 from data inaccuracy to unlawful ways of processing. In any case, you should inform the 3rd parties to whom you transferred your buyer\u2019s data about the restriction.<\/li><\/ol>\n\n\n<h3>\n            Buyers have the right to be forgotten    <\/h3>\n\n\n\n<p>This right means that you should remove any personal data concerning them without undue delay upon their request if:<\/p>\n\n\n\n<ul class=\"checklist darkblue wp-block-list\"><li>you no longer need this data for the purposes you collected or otherwise processed it;<\/li><li>or the data subject withdraws consent and there is no legal ground for the processing.<\/li><\/ul>\n\n\n\n<p>If you have legal ground for keeping some of the buyer\u2019s data, you can still keep it, but only the data you really need and only for particular purposes. For example, you\u2019re allowed to store your buyers\u2019 order history (including the relevant data), at least because it\u2019s the proof of the service or product delivered to them.<\/p>\n\n\n\n<p>If you\u2019ve transferred the customer data to 3rd parties, you should inform them that they can no longer process your buyers\u2019 data.<\/p>\n\n\n<h3>\n            In case of a data breach, notify a supervisory authority and affected customers    <\/h3>\n\n\n\n<p>Under the GDPR, after a controller discovers a data breach, he has 72 hours to inform the supervisory authority about it (Article 33). The notification should describe the nature of the breach, affected customers and the volume of affected data, consequences and measures taken, etc. 
If a controller can\u2019t get all the information at once to send it to the authority, he can do it in phases, providing the newly discovered information concerning the breach as soon as possible.<\/p>\n\n\n\n<p>If the data breach is likely to impact customers\u2019 data, a controller should inform the affected customers without undue delay, describing the breach in clear and plain language.<\/p>\n\n\n\n<p>You don\u2019t have to send notifications to the supervisory authority or to your buyers if the breach is not likely to result in any risk to your buyers\u2019 rights and freedoms.<\/p>\n\n\n<h3>\n            You should keep records of data processing activities    <\/h3>\n\n\n\n<p>According to the GDPR, your records of the processing activities should include the following information:<\/p>\n\n\n\n<ul class=\"checklist darkblue wp-block-list\"><li>name and contact details of the controller (joint controller, the controller\u2019s representative and the data protection officer, if any);<\/li><li>what data you\u2019ve processed and for what purposes;<\/li><li>to whom you\u2019ve transferred or disclosed your buyers\u2019 data (together with the documentation of suitable safeguards);<\/li><li>time limits for the data erasure (if possible);<\/li><li>security measures you\u2019ve taken to protect the data (if possible).<\/li><\/ul>\n\n\n<h3>\n            Certification and Data Protection Officer    <\/h3>\n\n\n\n<p>While the certification is voluntary, appointing a Data Protection Officer can be mandatory depending on certain circumstances. According to the regulation, you\u2019ll have to appoint a DPO if your business involves personal data processing on a large scale. Small businesses most likely don\u2019t have to appoint a DPO at all.<\/p>\n\n\n<h2>\n            Take Advantage    <\/h2>\n\n\n\n<p>I absolutely agree with you that everything said above looks complicated and a bit scary. 
However, there are at least two advantages of becoming compliant: more trust from buyers and a good chance to put your customers\u2019 personal data in order.<\/p>\n\n\n\n<p>Indeed, it\u2019s time to audit the data you process. Ask yourself:<\/p>\n\n\n\n<ul class=\"checklist darkblue wp-block-list\"><li>Do you really need all the data you collect, or can your customers skip a couple of steps when, for example, completing an order?<\/li><li>Do you need to store it?<\/li><li>Are you sure you store it securely?<\/li><li>How accurate is the data?<\/li><li>Do you really need that 3rd party service that processes your customers\u2019 data?<\/li><\/ul>\n\n\n\n<p>\u2026 and other important questions related to the data processing.<\/p>\n\n\n\n<p>I\u2019m sure you don\u2019t have clear-cut answers to all of them. And you won\u2019t, unless you audit the data you collect and process.<\/p>\n\n\n\n<p>Additional Resources:<\/p>\n\n\n\n<ul class=\"checklist darkblue wp-block-list\"><li><a href=\"https:\/\/www.x-cart.com\/blog\/online-privacy.html\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">Online Privacy in eCommerce: 6 Key Takeaways and Shocking Stats You Didn\u2019t Know About<\/a><\/li><\/ul>\n\n\n<h2>\n            To Sum Up    <\/h2>\n\n\n\n<p>This article contains the most significant GDPR points to give you a better understanding of what the GDPR is. But every business is unique. So, before you start any changes in your online store, we advise that you contact competent authorities. 
They can help with the audit and will also provide you with a list of the necessary changes that your business needs.<\/p>\n\n\n\n<p>As for&nbsp;<strong>X-Cart 4 and X-Cart 5 eCommerce platforms<\/strong>, they are GDPR-friendly.<\/p>\n\n\n\n<p>By default, both keep and process only the information you need for your eCommerce website business processes (one of the main GDPR principles).<\/p>\n\n\n\n<p>Both have a button in the customer area that lets customers delete their profiles (the right to be forgotten). Profile deletion removes the data stored in the profile and communication with the store owner and sellers. If anonymous customers want to remove their personal data, they can request it using a Contact us form on your website.<\/p>\n\n\n\n<p>To help you implement other changes required by the regulation more easily, we\u2019ve created special addons for the platforms. Here are the changes that the GDPR addons make in your online store:<\/p>\n\n\n<h3>\n            GDPR-friendly addon for X-Cart Classic    <\/h3>\n\n\n\n<p><strong>1) Additional checkboxes \u201cI give my consent to the processing of my personal data\u201d<\/strong>&nbsp;on the registration and checkout pages.<\/p>\n\n\n<figure><img src=\"https:\/\/www.x-cart.com\/wp-content\/uploads\/2018\/05\/consent-checkboxes-on-registration-page-mini.jpg\" alt=\"consent-checkboxes-on-registration-page-mini.jpg\" \/><\/figure>\n<figure><img src=\"https:\/\/www.x-cart.com\/wp-content\/uploads\/2018\/05\/consent_checkboxes_on_checkout_xc4-mini.jpg\" alt=\"consent_checkboxes_on_checkout_xc4-mini.jpg\" \/><\/figure>\n\n\n<p>Unlike the default X-Cart behavior, the checkboxes related to customers\u2019 consent and terms and conditions are not pre-ticked. If you need the Terms &amp; Conditions checkbox pre-ticked, you can enable it on the addon settings page.<\/p>\n\n\n\n<p>Note: The addon is fully compatible with the default X-Cart templates. 
If you have customized the registration or checkout pages, the changes made by the module may not apply and you\u2019ll need to edit your template manually.<\/p>\n\n\n\n<p><strong>2) Additional Privacy statement static page<\/strong>&nbsp;and opening the information in the popup<\/p>\n\n\n\n<p>Clicking on the Terms &amp; Conditions and Privacy statement links on the checkout or registration page will open popups with the corresponding information. So, your customers won\u2019t need to go to a different page to check the terms.<\/p>\n\n\n\n<p>You can edit the content of the Terms &amp; Conditions and Privacy statement pages in your X-Cart back-end. If you keep the default content, don\u2019t forget to replace the values highlighted in yellow with your company information.<\/p>\n\n\n\n\n\n<p><strong>3) Profile deletion notification<\/strong><\/p>\n\n\n\n<p>X-Cart will send this notification to the Users department email address if your registered customer decides to delete his\/her profile. There is a special button for it in their profile in the customer area.<\/p>\n\n\n\n<p><strong>4) Records of processing activities<\/strong><\/p>\n\n\n\n<p>The addon settings page has a tab \u201cRecords of processing activities\u201d. Here you\u2019ll find information about the addons that have access to your customers\u2019 personal data and have processed the data. You\u2019ll need this report for the data audit.<\/p>\n\n\n\n<p>If any of your 3rd party addons or custom features also process your customers\u2019 personal data, you should add the information about them into the table manually.<\/p>\n\n\n\n\n\n<p><strong>5) The cookie notice<\/strong>&nbsp;appears only when an online user comes to your store for the first time. You might already have this feature in your store as it comes with another addon \u2013 the EU Cookie Law. 
If you use the GEO IP addon, you can configure the notice to appear only for customers from the EU.<\/p>\n\n\n\n\n\n<p>The GDPR-friendly addon is based on the EU Cookie Law addon which used to be available as core functionality. The GDPR addon replaces it.<\/p>\n\n\n\n<p>We\u2019ve released the&nbsp;<a href=\"https:\/\/secure.x-cart.com\/customer.php?folder_id=388826&amp;area=filearea&amp;target=files_explorer\" target=\"_blank\">installation packages<\/a>&nbsp;for all versions of the 4.7.x branch, for v4.6.6 and v4.5.5. The packages for other versions of 4.6.x and 4.5.x branches will require adaptation.<\/p>\n\n\n\n<p>Owners of X-Cart based stores of older versions should install the feature using the \u2018gdpr dev pack\u2019. It includes both the EU Cookie Law and GDPR-friendly addons and requires adaptation for all versions.<\/p>\n\n\n<h3>\n            GDPR addon for X-Cart 5    <\/h3>\n\n\n\n<p><strong>1) Customer consent checkbox<\/strong><br>The&nbsp;<strong>checkboxes on the checkout page, on the registration page and on the contact us page<\/strong>&nbsp;are not pre-ticked. 
Registered customers will need to tick the checkbox only once and anonymous users will have to confirm their consent every time they place an order.<\/p>\n\n\n<figure><img src=\"https:\/\/www.x-cart.com\/wp-content\/uploads\/2018\/05\/consent-check-box-on-registration-page-mini.jpg\" alt=\"consent-check-box-on-registration-page-mini.jpg\" \/><\/figure>\n<figure><img src=\"https:\/\/www.x-cart.com\/wp-content\/uploads\/2018\/05\/consent-checkbox-on-checkout-page-mini.jpg\" alt=\"consent-checkbox-on-checkout-page-mini.jpg\" \/><\/figure>\n\n\n<p><strong>2) Privacy statement static page<\/strong><br>The Privacy statement static page appears in your static pages list in the back-end. You can\u2019t remove it unless you disable the addon. If you keep the default text for your Privacy statement page and popup, make sure you replace the values in yellow with the corresponding information about your company.<\/p>\n\n\n\n\n\n<p><strong>3) The cookie popup<\/strong><br>The addon settings allow disabling the cookie popup altogether or showing it only to customers from particular countries. You\u2019ll need the Geolocation addon for it.<\/p>\n\n\n\n\n\n<p><strong>4) GDPR activities<\/strong><br>The addon tracks all the activities related to the processing of your customers\u2019 personal data and keeps a record of them in your store back-end -&gt; Store setup -&gt; GDPR activities. The list of the activities contains the information about the addons, users, payment and shipping methods which have access to and have used the personal data.<\/p>\n\n\n\n\n\n<p><a href=\"https:\/\/market.x-cart.com\/addons\/gdpr.html\" target=\"_blank\">GDPR for X-Cart 5<\/a>&nbsp;is compatible with the 5.3.4 branch. 
However, to avoid any possible issues, we recommend upgrading your store to v5.3.4.7.<\/p>\n\n\n\n<p class=\"gb-btn__wrapper gb-btn__wrapper--center\"><a class=\"btn btn-lg btn-primary\" href=\"https:\/\/forum.x-cart.com\/showthread.php?t=75544\" target=\"_blank\">Discuss on forum<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The&nbsp;EU General Data Protection Regulation&nbsp;(GDPR) law with complicated requirements, expensive implementation and huge fines for non-compliance have thrown many eCommerce businesses into panic since it was announced. This new EU regulation will impact business not only in the EU but those outside too, if they process the EU residents\u2019 personal data (collect emails, monitor site [&hellip;]<\/p>\n","protected":false},"author":132,"featured_media":14155,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11734],"tags":[11630,35],"class_list":["post-14150","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-platform","tag-additional-services","tag-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v19.2.1 (Yoast SEO v19.6.1) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>GDPR Compliance: Everything You Need to Know About It | X-Cart<\/title>\n<meta name=\"description\" content=\"This ultimate guide will shed the light on what GDPR is and how these new requirements may affect eCommerce sites. Many European online stores are not ready for these changes yet. What about you? 
Are you GDPR compliant?\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.x-cart.com\/blog\/gdpr.html\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"GDPR: What Is It and How It May Impact Ecommerce Stores in EU and Outside\" \/>\n<meta property=\"og:description\" content=\"This ultimate guide will shed the light on what GDPR is and how these new requirements may affect eCommerce sites. Many European online stores are not ready for these changes yet. What about you? Are you GDPR compliant?\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.x-cart.com\/blog\/gdpr.html\" \/>\n<meta property=\"og:site_name\" content=\"X-Cart\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xcart\" \/>\n<meta property=\"article:published_time\" content=\"2018-05-03T08:20:12+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-09-12T06:23:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.x-cart.com\/wp-content\/uploads\/2018\/05\/GDPR.jpg\" \/>\n<meta name=\"author\" content=\"Maria\" \/>\n<meta name=\"twitter:card\" content=\"summary\" \/>\n<meta name=\"twitter:creator\" content=\"@x_cart\" \/>\n<meta name=\"twitter:site\" content=\"@x_cart\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Maria\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"16 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.x-cart.com\/blog\/gdpr.html#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.x-cart.com\/blog\/gdpr.html\"},\"author\":{\"name\":\"Maria\",\"@id\":\"https:\/\/www.x-cart.com\/#\/schema\/person\/a7cbeaa931e2f0489903e6a94cfe98bf\"},\"headline\":\"GDPR: What Is It and How It May Impact Ecommerce Stores in EU and Outside\",\"datePublished\":\"2018-05-03T08:20:12+00:00\",\"dateModified\":\"2023-09-12T06:23:24+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.x-cart.com\/blog\/gdpr.html\"},\"wordCount\":3131,\"publisher\":{\"@id\":\"https:\/\/www.x-cart.com\/#organization\"},\"keywords\":[\"additional services\",\"security\"],\"articleSection\":[\"All eCommerce\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.x-cart.com\/blog\/gdpr.html\",\"url\":\"https:\/\/www.x-cart.com\/blog\/gdpr.html\",\"name\":\"GDPR Compliance: Everything You Need to Know About It | X-Cart\",\"isPartOf\":{\"@id\":\"https:\/\/www.x-cart.com\/#website\"},\"datePublished\":\"2018-05-03T08:20:12+00:00\",\"dateModified\":\"2023-09-12T06:23:24+00:00\",\"description\":\"This ultimate guide will shed the light on what GDPR is and how these new requirements may affect eCommerce sites. Many European online stores are not ready for these changes yet. What about you? 
Are you GDPR compliant?\",\"breadcrumb\":{\"@id\":\"https:\/\/www.x-cart.com\/blog\/gdpr.html#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.x-cart.com\/blog\/gdpr.html\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.x-cart.com\/blog\/gdpr.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.x-cart.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"GDPR: What Is It and How It May Impact Ecommerce Stores in EU and Outside\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.x-cart.com\/#website\",\"url\":\"https:\/\/www.x-cart.com\/\",\"name\":\"X-Cart\",\"description\":\"X-Cart\",\"publisher\":{\"@id\":\"https:\/\/www.x-cart.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.x-cart.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.x-cart.com\/#organization\",\"name\":\"X-Cart\",\"url\":\"https:\/\/www.x-cart.com\/\",\"sameAs\":[\"https:\/\/www.instagram.com\/xcart\/\",\"https:\/\/www.youtube.com\/user\/Qualiteam\",\"https:\/\/www.facebook.com\/xcart\",\"https:\/\/twitter.com\/x_cart\"],\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.x-cart.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.x-cart.com\/wp-content\/uploads\/2024\/12\/X-Cart-Automotive-Origin-Logo.png\",\"contentUrl\":\"https:\/\/www.x-cart.com\/wp-content\/uploads\/2024\/12\/X-Cart-Automotive-Origin-Logo.png\",\"width\":3000,\"height\":915,\"caption\":\"X-Cart\"},\"image\":{\"@id\":\"https:\/\/www.x-cart.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.x-cart.com\/#\/schema\/person\/a7cbeaa931e2f0489903e6a94cfe98bf\",\"name\":\"Maria\",\"image\":{\"@type\":\"ImageObject\",\"inLa
nguage\":\"en-US\",\"@id\":\"https:\/\/www.x-cart.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.x-cart.com\/wp-content\/uploads\/2021\/10\/20200927_134039-150x150.webp\",\"contentUrl\":\"https:\/\/www.x-cart.com\/wp-content\/uploads\/2021\/10\/20200927_134039-150x150.webp\",\"caption\":\"Maria\"},\"description\":\"Maria is a marketing manager at X-Cart. Once captured by digital and content marketing in her student days, she keeps living and breathing it ever since.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/maria-navolykina-9944b7163\/\"],\"url\":\"https:\/\/www.x-cart.com\/blog\/author\/marie\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"GDPR Compliance: Everything You Need to Know About It | X-Cart","description":"This ultimate guide will shed the light on what GDPR is and how these new requirements may affect eCommerce sites. Many European online stores are not ready for these changes yet. What about you? Are you GDPR compliant?","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.x-cart.com\/blog\/gdpr.html","og_locale":"en_US","og_type":"article","og_title":"GDPR: What Is It and How It May Impact Ecommerce Stores in EU and Outside","og_description":"This ultimate guide will shed the light on what GDPR is and how these new requirements may affect eCommerce sites. Many European online stores are not ready for these changes yet. What about you? 
Are you GDPR compliant?","og_url":"https:\/\/www.x-cart.com\/blog\/gdpr.html","og_site_name":"X-Cart","article_publisher":"https:\/\/www.facebook.com\/xcart","article_published_time":"2018-05-03T08:20:12+00:00","article_modified_time":"2023-09-12T06:23:24+00:00","og_image":[{"url":"https:\/\/www.x-cart.com\/wp-content\/uploads\/2018\/05\/GDPR.jpg"}],"author":"Maria","twitter_card":"summary","twitter_creator":"@x_cart","twitter_site":"@x_cart","twitter_misc":{"Written by":"Maria","Est. reading time":"16 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.x-cart.com\/blog\/gdpr.html#article","isPartOf":{"@id":"https:\/\/www.x-cart.com\/blog\/gdpr.html"},"author":{"name":"Maria","@id":"https:\/\/www.x-cart.com\/#\/schema\/person\/a7cbeaa931e2f0489903e6a94cfe98bf"},"headline":"GDPR: What Is It and How It May Impact Ecommerce Stores in EU and Outside","datePublished":"2018-05-03T08:20:12+00:00","dateModified":"2023-09-12T06:23:24+00:00","mainEntityOfPage":{"@id":"https:\/\/www.x-cart.com\/blog\/gdpr.html"},"wordCount":3131,"publisher":{"@id":"https:\/\/www.x-cart.com\/#organization"},"keywords":["additional services","security"],"articleSection":["All eCommerce"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.x-cart.com\/blog\/gdpr.html","url":"https:\/\/www.x-cart.com\/blog\/gdpr.html","name":"GDPR Compliance: Everything You Need to Know About It | X-Cart","isPartOf":{"@id":"https:\/\/www.x-cart.com\/#website"},"datePublished":"2018-05-03T08:20:12+00:00","dateModified":"2023-09-12T06:23:24+00:00","description":"This ultimate guide will shed the light on what GDPR is and how these new requirements may affect eCommerce sites. Many European online stores are not ready for these changes yet. What about you? 
Are you GDPR compliant?","breadcrumb":{"@id":"https:\/\/www.x-cart.com\/blog\/gdpr.html#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.x-cart.com\/blog\/gdpr.html"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.x-cart.com\/blog\/gdpr.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.x-cart.com\/"},{"@type":"ListItem","position":2,"name":"GDPR: What Is It and How It May Impact Ecommerce Stores in EU and Outside"}]},{"@type":"WebSite","@id":"https:\/\/www.x-cart.com\/#website","url":"https:\/\/www.x-cart.com\/","name":"X-Cart","description":"X-Cart","publisher":{"@id":"https:\/\/www.x-cart.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.x-cart.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.x-cart.com\/#organization","name":"X-Cart","url":"https:\/\/www.x-cart.com\/","sameAs":["https:\/\/www.instagram.com\/xcart\/","https:\/\/www.youtube.com\/user\/Qualiteam","https:\/\/www.facebook.com\/xcart","https:\/\/twitter.com\/x_cart"],"logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.x-cart.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.x-cart.com\/wp-content\/uploads\/2024\/12\/X-Cart-Automotive-Origin-Logo.png","contentUrl":"https:\/\/www.x-cart.com\/wp-content\/uploads\/2024\/12\/X-Cart-Automotive-Origin-Logo.png","width":3000,"height":915,"caption":"X-Cart"},"image":{"@id":"https:\/\/www.x-cart.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.x-cart.com\/#\/schema\/person\/a7cbeaa931e2f0489903e6a94cfe98bf","name":"Maria","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.x-cart.com\/#\/schema\/person\/image\/","url":"https:\/\/www.x-cart.com\/wp-content\/uploads\/2021\/10\/20200927_134039-150x150.webp","contentUrl":"h
ttps:\/\/www.x-cart.com\/wp-content\/uploads\/2021\/10\/20200927_134039-150x150.webp","caption":"Maria"},"description":"Maria is a marketing manager at X-Cart. Once captured by digital and content marketing in her student days, she keeps living and breathing it ever since.","sameAs":["https:\/\/www.linkedin.com\/in\/maria-navolykina-9944b7163\/"],"url":"https:\/\/www.x-cart.com\/blog\/author\/marie"}]}},"_links":{"self":[{"href":"https:\/\/www.x-cart.com\/wp-json\/wp\/v2\/posts\/14150","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.x-cart.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.x-cart.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.x-cart.com\/wp-json\/wp\/v2\/users\/132"}],"replies":[{"embeddable":true,"href":"https:\/\/www.x-cart.com\/wp-json\/wp\/v2\/comments?post=14150"}],"version-history":[{"count":27,"href":"https:\/\/www.x-cart.com\/wp-json\/wp\/v2\/posts\/14150\/revisions"}],"predecessor-version":[{"id":23402,"href":"https:\/\/www.x-cart.com\/wp-json\/wp\/v2\/posts\/14150\/revisions\/23402"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.x-cart.com\/wp-json\/wp\/v2\/media\/14155"}],"wp:attachment":[{"href":"https:\/\/www.x-cart.com\/wp-json\/wp\/v2\/media?parent=14150"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.x-cart.com\/wp-json\/wp\/v2\/categories?post=14150"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.x-cart.com\/wp-json\/wp\/v2\/tags?post=14150"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}