GDPR overview

The GDPR is the European Union’s new data privacy law. The GDPR requires companies to take steps to provide individuals with more visibility into and better control over how their personal data is used. It also requires that companies handle that data securely and responsibly.

When does the GDPR take effect?

The GDPR took effect on May 25, 2018.

Does the GDPR require European personal data to be stored in Europe?

The GDPR doesn't require personal data to be stored in Europe. The GDPR requires only that if the personal data of European residents is transported outside of Europe, then that personal data must be adequately protected.

Shopify protects personal data according to the requirements of the GDPR as it is transferred to the United States and Canada and stored. For more information about how personal data from the European Economic Area (EEA) is received and processed by Shopify according to GDPR standards and information security best practices, see Shopify’s GDPR whitepaper.

Download Shopify's GDPR whitepaper

For more information about how Shopify complies with the GDPR, and to make sure that you will be in a position to comply in relation to your use of Shopify, download Shopify's GDPR whitepaper document.

Ready to start selling with Shopify?

Try it free