Using Shopify to comply with GDPR
When using Shopify, there are tools and information that you can use to help you to comply with General Data Protection Regulation (GDPR). Although using Shopify can help you with GDPR compliance, it’s important for you to understand your own obligations under GDPR and to ensure that you configure and use the platform in a way that complies with the requirements set forth by GDPR.
On this page
GDPR geographic requirements for processing or storing data
The GDPR doesn't require personal data to be processed or stored in Europe. The GDPR requires personal data of European residents transferred outside of Europe to be protected in accordance with applicable laws. Learn more about international data transfers.
Customer privacy
From your Shopify admin, go to Settings > Customer privacy to configure you privacy settings, such as your privacy policy, cookie banner, and data sales opt-out page, view installed privacy apps, and manage some of your marketing settings. Learn more about managing your customer privacy settings.
Data Processing Agreement
The Shopify Data Processing Addendum outlines the responsibilities between you and Shopify as a data processor. Shopify follows your instructions on how to handle that data. This agreement also helps to ensure that personal data is processed in accordance with European Data Protection Laws.
Data access and deletion
Upon request, Shopify offers tools that let you access, edit, and delete customer data. This helps you to fulfill a customer’s rights to access, rectify, or erase their personal data as required by GDPR. Learn more about processing customer data requests.
Privacy policy templates
From your Shopify admin, go to Settings > Customer privacy to configure you your privacy policy. Learn more about how to add a privacy policy to your online store.
Alternatively, you can use and customize pre-built policy templates offered by Shopify to communicate your data processing practices. By customizing these templates, you can be transparent about how you collect, use, and protect your customer’s personal data. Learn more about adding store policies.
Security measures
Shopify implements robust security measures to protect personal data, including encryption, firewalls, and regular security audits. Learn more about Shopify’s security certifications and standards.