General Data Protection Regulation

GDPR OverviewLearn How To Keep Your Customer Data Private

With the new General Data Protection Regulation, we're taking steps to inform our merchants how they can achieve compliance and protect their data.

What is GDPR?

The General Data Protection Regulation (GDPR) is the European Union's new data protection guidelines for how businesses collect, process, and store private customer data.

Who does GDPR Affect?

The General Data Protection Regulation applies to any business or organization that operates in or has customers who are citizens of the European Union. Businesses that utilize third-party software and services to collect, process, and store data are also responsible for their compliance to GDPR.

When Does GDPR Go Into Effect?

After a two-year transition period, the General Data Protection Regulation takes effect on Friday, May 25, 2018, and will be enforceable beginning on this date. After May 25, 2018, businesses may be subject to a non-compliance fine of 4% of your company's global revenue or €20 million, whichever sum is larger.

How to Achieve GDPR Compliance

• Collecting Personal Data – Communicate and be transparent about the personal data being collected including name, address, email address, cookie ID's and IP addresses. Only necessary data should be collected from customers.
• Privacy Notice – (Articles 12 - 14) Make sure your organization's Privacy Policy includes the required information from GDPR.
• Customer Consent – GDPR states consent should be "freely given, specific, informed and unambiguous." Customers 16 years of age and older are now required to give their consent by opting in. Customers under the age of 16 are considered to be minors and are not able to provide consent.
• Access – Consumers should have the right to access and control their personal data.
• Erase Data – Give consumers 'right to be forgotten' allow a process to remove personal data upon request.
• Data Breaches – Organizations are required to provide notice of a data breach within 72 hours of the incident.
• Secure Data – Use two-factor authentication to protect data.

How does GDPR affect your Miva Store?

The General Data Protection Regulation applies to any business or organization that operates in or has customers who are citizens of the European Union. Businesses that utilize third-party software and services to collect, process, and store data are also responsible for their compliance to GDPR.