After GDPR took effect, webstore owners have to reconsider the ways they engage with European customers. Amasty shares their experience of adapting Magento modules to the new law.
On May 25th, GDPR (General Data Protection Regulation), a European law adopted in 2016, eventually took effect. Simply put, the law regards the processing of personal data of EU customers and thus affects how the e-commerce companies that sell products to European countries treat their shoppers’ information.
According to the law, personal data comprises every piece of information that allows identifying a person directly or indirectly, including name, personal ID, address, demographics, etc. The idea of GDPR is to limit the amount of the data, which companies request from customers, to a necessary minimum and make the consent to personal data processing compulsory. Companies are obliged to state clearly how customers’ personal data is used and ask permission to do it.
At the same time, success in e-commerce depends on how relevant a company is and consequently how well they know their customers. Collecting and processing customer data in this regard is rather a must than an option for webstores. Introduction of GDPR for sure posed some concerns about the future of customer engagement. The challenge is to strike the balance between the need for customer information and the requirement to comply with the new law.
Though it is better to speak with a lawyer or a data protection professional to clarify how GDPR applies to a particular company, Amasty for their part started to tackle the problem. Amasty reviewed the modules that deal with customer data and designed new functionality that would allow Magento webstore owners become compliant with GDPR.
The Magento 2 Customer Groups module is an example of such adaptation. The extension per se is meant to define groups based on customer data and then make a company’s communication more accurate. The module can be also used to replace the “Add to cart” button with a contact form. Though the contact form collects basic customer data, such as name, email, and phone number, it should ask for a customer’s permission to comply with GDPR.
To make it happen, Amasty introduced several tweaks to the extension. First, webstore owners can now create a custom GDPR consent message that users will see before requesting a quote. Second, the pop-up consent message provides a link to a custom CMS page where a webstore owner can explain in detail how customer data is used. Third, only after customers mark that they have read the terms, they can see the form with personal data, fill and submit it. This way, the module helps webstore owners automatically get customers’ permission for processing their personal data and excludes any possible disputes.
The Customer Group Catalog is just one example of how GDPR affects e-commerce in general and the owners of Magento websites in particular. Amasty promised that soon each Magento module that uses personal information will get necessary changes.
As a comprehensive measure, Amasty designed a special GDPR module (the Magento 2 version is coming up soon). This extension allows performing multiple tasks to ensure GDPR compliance, such as managing documentation and consents, giving customers full control over personal data, enabling email notifications about privacy policy updates and more.