We've written a FAQ dedicated to RGPD to answer any questions you may have about these regulations.
What is RGPD?
May 25 2018 marked the entry into force of the General Regulation on the Protection of Personal Data (RGPD). RGPD provides a framework for the processing of personal data on European Union territory.
The introduction of this European regulation aims to harmonize rules within the European Union, but also to respond to changes in technology and society. By strengthening the rights of data subjects, RGPD aims to enable them to retain control over their data.
In addition to enhancing the value of your data management, professional compliance with the regulations is a considerable asset in boosting user confidence.
We have written an RGPD white paper detailing the content of this regulation and the reasons for its entry into force. To find out more, download it!
When do the regulations apply?
RGPD is intended to apply to all processing of personal data, whether automated or not.
Any collection, consultation, conservation, modification, extraction, use, communication, destruction, etc. is considered to be "processing".
Personal data is any information relating to a natural person who is - directly or indirectly - identified or identifiable, in particular by reference to an identifier, such as a name, identification number, IP address, location data, online identifier, etc., and which may be used to identify the user.
Who's concerned?
Two types of person are likely to process personal data within the meaning of RGPD: the data controller and any subcontractors (processors).
The controller is the natural or legal person, public authority, department or other body which, alone or jointly with others, determines the purposes and means of the processing operation.
The processor, on the other hand, processes personal data on behalf of the controller, and as such determines neither the purposes nor the essential means of the processing. This qualification determines the applicable liability regime.
From a territorial point of view, the regulation concerns not only any European company, but also any company located outside this territory but processing the personal data of European citizens.
What does this mean for end customers?
RGPD gives every individual rights over the processing of his or her personal data.
First of all, the person concerned by the processing of personal data must be informed. Irrespective of the purpose or legal basis of the processing, the data subject has a:
- Right of access to data;
- Right to rectify data;
- Right to delete data;
- Right to limit the processing of personal data.
If the data subject has given his/her consent to the processing of his/her data, he/she also has the right to withdraw this consent at any time. However, withdrawal of consent in no way renders unlawful the processing already carried out on this legal basis.
If the data subject has given his or her consent to the processing of his or her data, or if the processing is based on contractual performance, he or she has the right to the portability of the data he or she has supplied.
Finally, if the processing is based on the legitimate interests of the organization, the data subject has the right to object on legitimate grounds in accordance with Article 21 of RGPD. However, if your data is processed for canvassing purposes, you will not be required to justify your reasons.
What does this mean for PrestaShop retailers?
E-tailers need to ensure that their store allows end customers to exercise all their rights when it comes to processing personal data. E-tailers must therefore enable their customers to:
- Be informed about the collection and use of their data;
- Be able, where necessary, to give and withdraw their consent to the collection and processing of their personal data;
- Have access to their data, rectify it, obtain its portability and, in certain cases, oppose its processing and obtain its deletion.
E-tailers must also:
- Only collect data that is necessary and relevant to the store's business objectives;
- Keep data only as long as necessary for the purpose for which it was collected;
- Inform customers about data collection and their rights;
- Implement all technical and organizational measures to demonstrate that their practices comply with RGPD.
What is PrestaShop doing to help e-tailers comply with RGPD?
PrestaShop has developed a module to help e-tailers and module developers comply with RGPD. The purpose of this module is to manage personal data collected by the PrestaShop software, by native modules and by community modules installed on your store (only modules that are themselves RGPD compliant).
It will enable you to comply with RGPD by meeting the following requirements:
- Users' right of access to their personal data from their customer account;
- Users' right to data portability (copy of their data exportable as a CSV file and PDF);
- Users' right to have their personal data modified and/or deleted, subject to validation by the merchant;
- Users' right to give and withdraw their consent;
- Obligation for e-tailers to keep a register of processing activities (in particular for access, consent and deletion of personal data).
Do you have a PrestaShop 1.7 store?
Here are the 3 steps to follow to install the RGPD module:
- In the back office, go to Modules > Modules & Services.
- In the Selection section, use the search bar to enter the following word (depending on the store language):
  - EN: "GDPR"
  - FR: "RGPD"
  - ES: "RGPD"
  - DE: "DSGVO"
  - IT: "RGPD"
  - NL: "AVG"
  - PL: "GDPR"
  - PT: "RGPD"
  - RU: "GDPR"
  - All other languages: "GDPR"
  - WARNING: this is the exact term that must be used, otherwise the module cannot be found in the list.
- A module will appear: "Official GDPR compliance" (EN) or "RGPD Officiel" (FR). Click on Install and you're done!
Do you have a PrestaShop 1.6 or 1.5 store?
We have developed an official RGPD module compatible with PrestaShop versions 1.6 & 1.5. You can find it on our PrestaShop Addons Marketplace.
What does this mean for PrestaShop contributors?
You, the contributors, are very likely to be affected by RGPD, since the products you sell on Addons are very likely to meet the conditions of application of RGPD, namely:
- Your products (modules, themes, email templates) collect personal data (any information relating to a natural person and enabling that person to be directly or indirectly identified): identity, email address, IP address, telephone number, location data, consumption habits, etc. This data is used to identify you and your products.
- The users of your products are located on the territory of the European Union, i.e. if your product is on sale in at least one of the EU countries.
For more information, visit the RGPD FAQ.