This information is one in a series of topics to help Adobe Commerce and Magento Open Source merchants and developers understand the implications of the General Data Protection Regulation (GDPR). The information is intended for informational purposes only and should not be construed as legal advice. To determine whether and how your business should comply with any legal obligations, consult with your legal counsel.
The General Data Protection Regulation (GDPR) is legislation that regulates data protection and privacy for all individuals in the European Union and the European Economic Area. The legislation also applies to the export of personal data outside the EU. The GDPR was adopted in April 2016, and became enforceable on 25 May 2018. Businesses that are not based in the EU, but engage in global commerce are required to comply with the regulation. The GDPA defines personal data as follows:
Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
All organizations that process personal data must disclose the following:
If your business is required to comply with both the GDPR and the California Consumer Privacy Act (CCPA), you can use some of the work from your GDPR compliance program for the CCPA. Although the regulations have some similarities, a few differences include:
Businesses that comply with GDPR might have additional obligations under the CCPA. To learn more, see the CCPA Fact Sheet.
Examine the current privacy policies for all of your stores to ensure that they align with any applicable legal requirements (including, but not limited to GDPR and CCPA).
Update your Google settings and ensure that they align with your legal obligations regarding the use of personal data.
Maintain transparency and keep thorough documentation.
To learn how Adobe helps merchants comply with applicable legal obligations, visit the website.
For data flow diagrams and database entity mapping, see the Personal Information Reference.