How to Make My Magento Store Fully GDPR Compliant

Please review the following GDPR checklist to determine if your Magento store is fully GDPR compliant:

  • Install the Plumrocket GDPR extension for Magento
  • Map your data - establish what data your business collects and where. This may include any third-party extensions or services your company is using. 
    • Contact the third-party services you are using to confirm that they are fully GDPR compliant.
    • Contact the vendors of the third-party extensions you are using to ensure that their extensions are GDPR compliant. Ask them whether their extensions record any personal customer data in your Magento database. If they collect any personal data, they may become GDPR compliant by integrating their plugins with the Plumrocket GDPR extension using the provided API.
  • Update your Privacy Policy. Ensure your privacy policy is updated to address the GDPR. Describe what, why and how you collect and use personal information of your customers, how you protect it and how customers can contact you.
  • Make your consent process clear, specific and transparent. Use the built-in consent functionality of the Plumrocket GDPR extension to ensure that all customer opt-ins are recorded in the consent log.
  • Update your Cookie Policy and enable the Magento cookie notice.
  • Name a Data Protection Officer (DPO). It is good business practice to appoint someone responsible for data protection within your company. Specify the DPO's email address in the Plumrocket GDPR extension settings.
  • Put security measures in place:
    • Ensure your website is using HTTPS.
    • Guard against data breaches.
    • Store and process the information you collect on computer systems with limited access that are located in controlled facilities. Ensure that your web hosting uses best-practice physical, environmental and digital security systems.
