Please review the following GDPR checklist to determine if your Magento store is fully GDPR compliant:
- Install the Plumrocket GDPR extension for Magento
- Map your data - establish what data your business collects and where. This may include any third-party extensions or services your company is using.
- Contact the third-party services you are using to confirm that they are fully GDPR compliant.
- Contact vendors of the third-party extensions you are using to ensure that their extensions are GDPR compliant. Ask them if their extensions record any personal customer data in your Magento database. If they collect any personal data, they may become GDPR compliant by integrating their plugins with the Plumrocket GDPR extension using the provided API.
- Make your consent process clear, specific and transparent. Use the built-in consent functionality of the Plumrocket GDPR extension to ensure that all customer opt-ins are recorded in the consent log.
- Name a Data Protection Officer (DPO). It is a good business practice to appoint someone responsible for data protection within your company. Specify the email of the DPO in the Plumrocket GDPR extension settings.
- Put security measures in place:
  - Ensure your website is using HTTPS.
  - Guard against data breaches.
  - Store and process the information you collect on computer systems with limited access, which are located in controlled facilities. Ensure that your web hosting uses best-practice physical, environmental and digital security systems.