See all the questions concerning the General Data Protection Regulation in the European Union and our answers which will enable you to comply with this regulation.
On 25 May 2018, the General Data Protection Regulation (GDPR) came into force. The GDPR provides a legal framework for the processing of personal data within the European Union.
The introduction of this European regulation aims to harmonize the rules in the European Union, but also to respond to changes in technology and in our societies. By reinforcing the rights of the data subjects, the GDPR aspires to enable them to keep control of their data.
Compliance with the regulation by professionals, in addition to enhancing the value of your data management, is a considerable asset for increasing data subjects’ confidence.
We have written a GDPR white paper detailing the content of this regulation and the reasons for its entry into force. Learn more, download it!
The GDPR is intended to apply to any processing of personal data, whether automated or not.
Any collection, consultation, storage, alteration, retrieval, use, disclosure, destruction, etc. is considered processing.
Personal data is any information relating to a natural person who is directly or indirectly identified or identifiable, in particular by reference to an identifier, such as a name, an identification number, an IP address, location data, an online identifier, etc.
Two types of persons are likely to process personal data within the meaning of the GDPR: the data controller and its possible processors.
The controller is the natural or legal person, public authority, department, or other body that, alone or jointly with others, determines the purposes and means of the processing.
The processor, on the other hand, processes personal data on behalf of the controller and as such does not determine either the purposes or the essential means of the processing. The qualification makes it possible to determine the applicable liability regime.
From a territorial point of view, the regulation concerns not only any European company but also any company located outside this territory but processing the personal data of European citizens.
The GDPR provides every individual with rights regarding the processing of their personal data.
First of all, the data subject must be informed about the processing of personal data. Irrespective of the purpose or legal basis of the processing, the data subject has the following rights:
If the data subject has given his consent to the processing of his data, he also has the right to withdraw this consent at any time. However, the withdrawal of consent does not in any way render unlawful the processing already carried out on this legal basis.
If the data subject has given his consent to the processing or the processing is based on contractual performance, he has a right to the portability of the data provided.
Finally, if the processing is based on the legitimate interest of the organization, the data subject has a right to object on legitimate grounds in accordance with Article 21 of the GDPR. However, where the data is processed for the purpose of canvassing, the data subject will not be required to give reasons.
E-sellers must make sure that their store allows end clients to exercise all their rights concerning the processing of personal data. Therefore, e-sellers must allow their clients to:
In addition, e-sellers must:
PrestaShop has developed a module to help e-sellers and module developers to comply with the regulation by respecting the following requirements. The purpose of this module is to manage personal data collected by the PrestaShop software, native modules, and community modules installed on your store (only modules that are GDPR-compatible themselves).
It will bring you into compliance by respecting the following requirements:
Here are the 3 steps to installing the GDPR module: