Latest news from Shopify and eCommerce

  • TheGenieLab

New Shopify Store and GDPR (General Data Protection Regulation) Compliance

Updated: Mar 25

While Shopify has become an amazing eCommerce store builder that offers every type of theme imaginable, as well as there is an App for every desire – GDPR is not by default something you have complied with and remains to be the Storeowner’s responsibility to ensure compliance.

GDPR Jurisdiction

This applies to all EU (European Union) markets where GDPR is a requirement, so if your store ships to those countries, you are required to be compliant, even if your business is based outside of the EU.

GDPR Violation Consequences

If you are in violation of GDPR rules, there are 2 types of fines they can impose on your business. The first and more common fine is a 2% of revenue or €10 million fine – whichever is greater. The second is 4% of revenue/ €20 million with the same stipulation.

Key Compliance Rules

For new stores that have recently got online, might need to spend some time to be aware of what must be done. Here are the key takeaways of how your eCommerce store must respond to GDPR:

- You must ask permission from each visitor to your site if you are to collect any data from their visit, including analytic data when it comes to a visitor from the EU.

- In your privacy policy, you must declare why you are gathering this information and what will be done with this data.

- You must provide a method for which users can request their data, and must allow for its removal if requested by the user.

- Any 3rd party that may see/work-with/receive this data must also be GDPR compliant.

- You must map your data framework so it can be reviewed and be acted upon if requested.

How is this handled in Shopify

GDPR is not handled by the platform by default, the declaration, prompting of a user, and the process/procedure to manage the audited data and data removal is all up to the business to implement. Therefore, every business must seek compliance if they are to be visited by any EU person.

Guidelines to follow GDPR are linked here:

Every App used in your Shopify store must be GDPR compliant if it collects data from a user coming onto the site – this review must be made to ensure compliance. While Shopify already collects data and is GDPR compliant, all additional tracking/metrics tools require scrutiny in this regard.

As a business, you must assign a Data Protection Officer (DPO) that leads the effort on managing and auditing your store for GDPR.

Shopify’s GDPR Merchants How-to’s:

As a platform, Shopify has to have its own GDPR Disclosures:

When it comes to logistics with Shopify Shipping, given that you had to take the user’s information to get their goods to them, this is how that data process is required to be handled:


There is no “App” that can just do your GDPR for you, every business is different; each using different tools to merchandise their goods/service makes it impossible to automate. This is a business process requiring the structure to ensure that when setting up, or making changes, GDPR must be reviewed and be identified to be secure. There are tens of thousands of violation reports being processed by the EU and your business can be vulnerable if it does not comply.

Shopify is well structured, and allows you to easily do the audits and enables you to process/map your data collection so that you can perform GDPR compliance procedures. Just know that this affects all eCommerce stores, wherever they are so you are not alone in the quest to protect the data of your clients.

31 views0 comments

Technology Partners

Show More

Over 400+ projects delivered

Let us take your business to new heights.

(US) +1 305-762-0130   (UK) +44 2921 28 0699

  • White LinkedIn Icon
  • White Facebook Icon
  • White Twitter Icon

Our Expertise



The Company

Terms & Conditions

Privacy Policy


US Head Office:

400 NW 26th Street Miami, FL, 33127

 +1 305-762-0130

UK Office:

Falcon Drive, Cardiff, Mid Glamorgan,

CF10 4RU

+44 2921 28 0699

Subscribe for the latest news

© 2021 TheGenieLab LLC 


A Limited Liability Company | Incorporated in the State of Florida | No. L1000082688