GDPR - The new General Data Protection Regulation

What do I need to do in my shop to comply with GDPR?

What is GDPR?
Data Protection Agreement
Webinar - What is GDPR?
What do I need to do in my shop to comply with GDPR?
What does Abicart do to make it easy for me to clear old customer data?
Email addresses for newsletter mailings
Mandatory approvals

You can read the full data processor agreement here.
Appendix 1 to the data processor agreement - Instructions and information.

What is GDPR?

GDPR (General Data Protection Regulation) is the new General Data Protection Regulation that replaces the Personal Data Act (PuL) and is applicable as law in all EU member states as of 25 May 2018. The law is designed to strengthen the rights of individuals with regard to personal privacy.

The law applies to all processing of personal data. Any data whereby a natural person can be directly or indirectly identified, for example
- E-mail address
- Purchase history linked to individual
- Address information
- Picture of person
- Descriptions about customer in customer service

Personal Data Processing Agreement

Abicart processes personal data on behalf of our customers. All customers (shopkeepers) of Abicart will therefore be required to sign a Data Protection Agreement with Abicart. The agreement will be able to be signed with BankID in Abicart admin shortly. 

You can read the full data processor agreement here.

What do I need to do myself in the store to comply with GDPR?

Publish information in your webshop about what customer data is saved (suggested under Terms & Conditions & Info):

"We save the following personal data about our customers:

Customers: First name, Last name, Company/organisation, E-mail, Person/org.

Orders: ip-address, E-mail, , Person/organ number, VAT number, Address, Company, First name, Last name, Address, Postal code, City, Phone number.

As a customer you can request an extract, modification or deletion of this data at any time."

Do you collect e-mail addresses to send out newsletters? If so, you should have a clear heading for this in the checkout, for example, "Yes please. I would like to receive newsletters" so that the customer understands what they are signing up for.

If you have a customer club, membership or similar via customer groups, different rules apply. If the customer has agreed and registered in the store to be able to log in and get special offers, have access to a different range than end customers and/or is a retailer, you will specify in your terms and conditions why you need to keep this data longer than the normal period of one year. 

More information can be found in Annex 1 to the Data Protection Agreement: "Information and instructions for Abicart webshop owners" here.

What does Abicart do so that I can easily clear old customer data?

We have built a number of features to facilitate the handling of old customer data in the store.

According to Swedish law, you must keep order records for seven years. The store owner needs to make a choice in admin (Orders -> Settings) how long customer data should be saved on orders and then the personal data will be deleted after this time automatically. 

If you are a Swedish company, select "After 7 years" in the list. 

E-mail addresses for newsletter sending.
Many people think that you have to send out an email to all customers so that they have to sign up again in order to send newsletters. This is not really true because if you have had a clear text on your page when the customer signed up for the newsletter, the customer has already given consent. 

If you still want to send out an email to all customers to sign up for newsletters again, we can recommend Mailchimp, which is a tool for sending out newsletters and they have a ready-made function for this.

On the other hand, there are new rules on how long you can save an email address in the customer register. Depending on which industry you belong to, different rules apply but for a store that sells consumer goods, it is about a year you can save the data. If you sell motor vehicles, for example, it is 4-5 years. 

In order to be able to easily delete old customers, we have built a function under Customers -> Customer register -> the field "Last active before". 

Here you can select a date, for example one year back in time and then click on the search button. Then all customers who have not acted after this date will be displayed. Select all the customers by ticking the box to the left of "Customer number", then select "Remove selected customers" from the list above. 

NOTES! Please note that by default, 50 customers are displayed at a time. If there are more customers than 50 to be deleted, you can choose to show more customers on each page in the "Show number" list.

Mandatory approvals

There is a checkbox by default at checkout where all buyers must approve the store's terms before completing the purchase so you don't need to add this yourself. 

If you have created separate pages for e.g. the store's privacy policy and want customers to approve this as well, you can now create multiple checkboxes that must be approved at checkout. 

First you create your own page under "Own pages" -> New page and put all the information there. In our example we create a new page called "Privacy Policy".

To add a checkbox in the checkout go to the theme (Appearance -> Themes -> select theme, edit) and then Content -> Checkout -> Mandatory approvals.

Click on the "+Add Checkbox" button and the following fields will appear:

- Checkbox title, e.g. "I accept the store's"

- Link text, e.g. "privacy policy"

To the right under Link URL -> Pages is a list of all the store's own pages. Remember to create your own page first. Otherwise, you cannot choose to link to the page.

Don't forget to click the save button.