I am in the U.K. and about to open my gift store. One issue that worries me is who is responsible for protecting my customers' data. Is it me or Shopify?
Since you are from the U.K., GDPR laws likely apply to you. It should be you that protects the customers' data and not Shopify. If you collect any personal information, or do any sort of tracking (have Google Analytics, other analytics), you need to ask for consent before you can collect that user information.
An ideal case is that you have a banner that you prompt, where users reject or accept. Depending on that consent, you need to configure which ads, analytics and functionality cookies you store.
Let me know if you have any further questions.
Thank you. I have had support from Pandectes who have helped me with their banner. Would you mind taking a look for your thoughts? My shop is here.
Thank you in advance.
The banner was configured by Pandectes directly to my store. What do you need to gain access? Also I’m looking into a VPN for additional security.
I need access to your store via a collaborator access. This means I send a collab access to your store and you accept it, and therefore I can check if you have your banner + all the consents firing properly.
Depends on which customer data points you collect.
For anything payment related, those are handled already by whatever payment gateway you have.
I am talking about if you have analytics and ads added to your website, then you need to also configure consents accordingly.
For example, if users reject performance or targeting cookies from the banner, then any apps or custom logic you have for analytics or ads should not fire (meaning if users reject analytics cookies, you are not allowed to track them).
I hope this helps a bit to clarify your question.
Thank you. Yes, please send a collaborator request. I believe the points you mentioned were actioned by Pandectes. But if you can check, that’s useful.
Thanks for reaching out to the community!
Well, as you are the ‘Controller’, meaning data collector in e-commerce jargon, you are the one responsible for protecting the customers’ data.
As per the EU General Data Protection Regulation (GDPR), the e-commerce business store collecting the customer data in the UK shall clearly disclose the purpose behind collecting the personal information of their customers. Additionally, the collector is liable to keep the information secure by encrypting and sharing data on HTTPS (Hypertext Transfer Protocol Secure), processing it securely by using advanced technology, and storing it in a password-secured database.
Hope it helps!