Over the past week we’ve answered some key questions about GDPR compliance. You’ve read about the changes coming to eCommerce (and the internet in general), the importance of putting someone in charge, and how to craft a privacy policy. You learned the basics of responding to Right of Access and Right to Erasure requests, and the importance of keeping your data — and your customers’ data — secure.
There’s also a larger issue at play: privacy isn’t a one time effort. It’s part of the ongoing maintenance for your business.
The GDPR is only the latest law designed to shift the balance of power back to consumers — it builds on older laws like the UK’s DPA. And it won’t be the last; store owners can expect updates to the GDPR, and similar laws will be enacted in other countries. Keeping abreast of these laws and which ones apply to you is an ongoing responsibility.
Whoever is charged with keeping an eye on privacy matters for you will need to make sure your store’s privacy policy stays fresh, especially as you add, update, or remove plugins and third-party services. Plugins will also update their privacy declarations, as they evolve to use personal data in new ways. Stores will need to keep on top of requests and security and data retention on an ongoing basis. Data security is as much a part of day-to-day work as tracking inventory and sales.
You’re part of a larger WooCommerce community
As one of hundreds of thousands of WooCommerce store owners, you’re part of a larger community. GDPR requirements might be intimidating, but they’re not insurmountable! If you have feedback on how we can make compliance a little bit easier, we’d love to hear from you in the comments, or in the #GDPR channel on WooCommerce Slack.
Good luck, happy selling, and drop us a line on privacy at woocommerce dot com if you have anything to share about your WooCommerce experiences in this brave new personal-data oriented world.
About
May I know the concept of woocommerce?
WooCommerce is a plugin for WordPress (CMS) that enables you to sell online. Read more here: https://woocommerce.com/features/
Thanks for these helpful, clear and informative articles on GDPR. Much appreciated!
I want to get the password
GDPR giving us a headache. Thanks for the information.
Hi, i have 2 question….
the GDPR say the user can deny the cookie?
If thay do, how can we sell without cookie?
2nd question, the GDPR say that user have right to ask erasure, but… if the customer do order, we need to keep the data of order and invoice for 10 years? How we can do? We must delete parts of data or we must waiting 10 years to delete it?
Hello Stefano ,about cookies you need the customer aproval to use them if they deny you refuse to sell.
About the second question , if the law asks you to keep invoice data for 10 years , then the users request do not apply.Any time the users req. something ,but on your side law asks for his data you have no obligation , maybe just to inform the customer you cannot fulfill his req bc of the law.
Good article
I gave the RC2 a quick test and checked a order for deleting personal data. Personal data was removed after. But related orders were still there with personal data. And are we able to use that new tool anywere in world? How about law related terms like tax laws? I do need that info because I have to give my clients a note about and how they may use that new tool.
What about subscriptions?
I found at https://www.willows-consulting.com/gdpr-for-ecommerce/ this note about tax compliance:
GDPR does not trump other laws. E.G. if you have to keep personal data to justify vat charges then this is needs to be kept for tax compliance. The rule in GB and Ireland is 7 years. Other countries may vary.
Shoudn’t there be a setting for how old a order has to be in case for which personal data should be removed? If a shop owner deletes such personal data from a order accidentally to early, it can’t be restored with a click!
Hi Adrian!
I like this idea – i.e. allow store owners to check the « erasure » box but also set a minimum age below which data is nonetheless retained (e.g. for tax purposes)
Would you mind opening an issue at https://github.com/woocommerce/woocommerce/issues ?
Thank you!
Great article! Bookmarked
Hi Allen,
thank you so much! I appreciated a lot. Now, with your posts I feel ongoing GDPR compliance.
very good
clarified very well about gdpr
I upgraded Woocommerce and tried to anonymize older order (in test environment), work just fine except one huge issue: IP adresses are considered to be personal data and orders still contain ip-adresses…
Thanks to numerous articles on the Internet about GDPR and how to comply, my company prepared for it quickly and effectively. We found checklists and done all items from them, to not pay huge fines in future. Here is one of the best checklists I found https://qawerk.com/blogs/gdpr-compliance-checklist-outsourcing-companies/ and it fully corresponds to GDPR requirements. Hope it will help someone)
Just calling out attention on this line: « privacy isn’t a one time effort. It’s part of the ongoing maintenance for your business. » That’s well said and absolutely correct. We typically refer to it as the GDPR journey for that reason.