Shopify Discussions

Markssxx · ‎09-16-2023

I am in the U.K. and about to open my gift store. One issue worries me is who is responsible for protecting my customers data? Is it me or Shopify?

Taknify · ‎09-16-2023

Since you are from U.K, GDPR laws likely applies to you. It should be you that protects the customers data and not Shopify. If you collect any personal information, or do any sort of tracking (have google analytics, other analytics), you need to ask for consent before you can collect those user informations.
An ideal case is you have a banner that you prompt, where users reject and accepts. Depending on that consent, you need to configure what ads, analytics, functionality cookies you store.
Let me know if you have any further questions.

Need to tweak your store a bit? Come and visit us at Taknify or send me message.

Markssxx · ‎09-17-2023

Thank you. I have had support from Pandectes who have helped me with their banner. Would you mind taking a look for your thoughts? My shop is here.

https://click-a-gift.com

thank you in advance.

Taknify · ‎09-17-2023

Hi,
Just looking from the site, I wasn't able to check if this banner is properly configured or not. I need access to the store to check further. I have to read through the code from Pandectes to review this further.

Need to tweak your store a bit? Come and visit us at Taknify or send me message.

Markssxx · ‎09-17-2023

The banner was configured by Pandectesdirectly to my store. What do you need to gain access? Also I’m looking in to a VPN for additional security.

Markssxx · ‎09-17-2023

It’s interesting what you say because some people say it is Shopify responsibility for data protection and the payment gateways.

Taknify · ‎09-17-2023

I need access to your store via a collaborator access. This means I sent a collab access to your store and you accept it and therefore I can check if you have your banner + all the consents firing properly.

Depends on which customer data points you collect.
For anything payment related, those are handled already by whatever payment gateway you have.
I am taking about if you have analytics and ads added to your website then you need to also configure consents accordingly.
Example, if users reject on performance or targeting cookies from the banner, then any apps or custom logic you have for analytics or ads should not fire. (meaning if users rejects analytics cookies, so you are not allowed to track them)
I hope this helps a bit to clarify your question.

Need to tweak your store a bit? Come and visit us at Taknify or send me message.

Markssxx · ‎09-18-2023

Thank you. Yes please send a collaborator request. I believe the points you mentioned were actioned by Pandectes. But if you can check that’s useful.

Markssxx · ‎09-19-2023

Hi I could not see your request. Can you send it again?

SEOKart · ‎09-18-2023

Hello Markssxx,

Thanks for reaching out to the community!

Well, as you are the ‘Controller’, meaning data collector in e-commerce jargon, you are the one responsible for protecting the customers’ data.

As per the EU General Data Protection Regulation (GDPR), the e-commerce business store collecting the customer data in the UK shall clearly disclose the purpose behind collecting the personal information of their customers. Additionally, the collector is liable to keep the information secure by encrypting and sharing data on HTTPS (Hypertext Transfer Protocol Secure), processing it securely by using advanced technology, and storing it in password-secured database.

Hope it helps!

https://apps.shopify.com/seokart

Shopify Discussions

Is Shopify or me responsible for customer data protection

Community Blog Articles

Shopify Community

Support

Shopify

Quick Links