GDPR - personal data protection in EU
The GDPR regulation on personal data protection in the European Union comes into force on 25 May 2018. It will affect everyone who receives, collects and processes personal data of individuals in the EU.
Each operator is obliged to implement appropriate technical and organisational measures when processing personal data, in order to meet the GDPR's requirements and protect individuals' rights. Encryption is considered one of the possible measures to protect sensitive data.
Personal data may be processed if you have consent to the processing of those personal data for one or more specified purposes, or if the processing of personal data is necessary to fulfill the contract with the person concerned. The person concerned must be informed of the way and range of processing of their data, and the data may be further processed only for the purpose for which they were obtained.
ClickEshop has a new platform to align with European legislation on data protection. Data are stored in systems with high security and stability. Projects are run in a secured data center with the latest technologies and stored in encrypted form.
As a project administrator, you will face some obligations to ensure compliance with the GDPR. These are in particular the following:
- inform customers about the data you are processing and where they are used:
  - modify business conditions - in the case when personal data are used only for executing an order
  - in a separate part of the site, e.g. Privacy Policy - when data are used for marketing activities or by third parties
- on client's request - delete client - delete the customer from registered customers
- secure the page with an SSL certificate - in case your page uses customer login or collects data about clients (e.g. registration, newsletter, etc.), it is necessary to secure the page with an SSL certificate that ensures secure encrypted data transfer between the user and the page

  You can order the SSL certificate from the price list of additional services: https://clickeshop.com/webshop/price-list-a-features/m739
- if the website is linked to third parties (e.g. google analytics, facebook, chat, ...), insert cookies consent + paste external scripts in GLOBAL HTML code / PAGE FOOTER - Marketing

  We have prepared a new type of COOKIE consent with the option to deny cookies: https://clickeshop.com/help/edit-content/cookie-acceptance/m849
- carefully keep access data to the system and secure them from unauthorized use
- do not provide customer data to third parties unless the user has given consent
- do not send the newsletter to customers who did not give consent to it. Customers who have given their consent to receive a newsletter are listed in CUSTOMERS / Customers Newsletter
In the case of "privacy breaches" that lead to the loss, alteration, destruction or unauthorized use of personal data, the operator is obliged to notify the relevant supervisory authority without undue delay. The operator should make the notification within 72 hours at the latest.
Keep in mind that personal data protection also applies to data that you have stored elsewhere outside of the internet store, e.g. in email, inbox, computer documents, google analytics, etc.