The GDPR is the European Union’s new data privacy law. The GDPR requires companies to take steps to help secure personal data rights and more generally protect that data. The regulation also provides individuals with certain rights over their personal data, including a right to access, correct, delete, and restrict processing of their data.
When does the GDPR take effect?
The GDPR takes effect on May 25, 2018.
Does the GDPR require European personal data to be stored in Europe?
The GDPR doesn't require personal data to be stored in Europe. The GDPR only requires that if the personal data of European residents is transported outside of Europe, then that personal data must be adequately protected. Companies are already required to take these steps under existing law.
Will Shopify transfer European personal data outside of Europe?
Shopify's technical infrastructure relies on data centers and cloud service providers that are located outside of Europe. Recognizing that this places a burden on merchants who are located in or servicing customers in Europe, Shopify recently shifted the processing of data about European residents to Shopify International Ltd., based in Ireland. As a result, European merchants no longer export data to Shopify. Rather, Shopify's Irish affiliate receives this data within Europe and then transfers it to the company's Canadian and US operations.