General Data Protection Regulation (GDPR)
The European Union's General Data Protection Regulation (GDPR) came into effect on May 25, 2018. The GDPR imposes new obligations and responsibilities on controllers and processors of data.
As a merchant, you are generally the controller of your customers’ data. This means that you collect your customers’ data and choose how it is handled. Additionally, though it is a European regulation, the GDPR might apply to your business if you make goods and services available in Europe, even if you or your business are not located in Europe.
As a processor for your customers’ data, Shopify follows your instructions on how to handle that data. For more information about the roles of data controller and processor, please see Shopify’s GDPR whitepaper. For information about Shopify’s obligations as a data processor for your customer data, see the Data Processing Addendum.
Shopify believes strongly in protecting your customers’ personal data as well as your own, and understands that doing so is critical to help you preserve the trust and confidence of your customers. Shopify has designed its platform to allow merchants to operate anywhere in the world. GDPR-compliant features are built into Shopify's platform, including features to enable you to offer your customers transparency into and control over their personal data, and technical measures to ensure that your customers’ personal data is protected as it crosses borders. Shopify believes in making it easy for you to use our platform in a manner that complies with privacy and data protection laws like the GDPR.
While Shopify does what it can to set you up for success, there are also steps you will need to take on your own, and ultimately, compliance with the GDPR is the responsibility of each individual merchant. If you have legal questions specific to your obligations under the GDPR, then please consult with a local lawyer who is familiar with data protections laws.
Download Shopify's GDPR whitepaper
For more information about how Shopify complies with the GDPR, and to make sure that you will be in a position to comply in relation to your use of Shopify, download Shopify's GDPR whitepaper document.