Introduction
The General Data Protection Regulation (GDPR) is a replacement for the European Union Data Protection Directive which will be enforced on May 25, 2018. The new directives have been passed, as per the new technologies and business advances; a new approach to protection of the personal data has been introduced.
GDPR provides more control to the customers to control their personal data. Customers have the right to request for the deletion of the data. It is mandatory for the store admin to honor the customer request within 30 days. The Prestashop GDPR addon – Data deletion and data anonymization allows the store admin to provide an interface to the customer so that they can request for the deletion of the data under the GDPR directives.
Note: Knowband has also launched the Prestashop GDPR Addon – Rights of the Individual, this module allows to handle the customer rights with ease. Click here for the details.
The customer-end interface of the Prestashop GDPR Module –
As per the requirement, the admin has the choice to enable/disable any of these rights.
Installation of Prestashop GDPR Module
After placing your order for the Prestashop GDPR module you can download the zip file of the module. This zip file contains:
1) GDPR.zip (source code of the module)
2) User Manual
In order to install the extension in your Prestashop store follow the below-mentioned steps:
1) Unzip the gdpr.zip file.
2) Copy the entire content, that is, the files and folders of the unzipped folder. Paste the same into the “Modules” folder of your store’s directory. Follow the below-mentioned address path – Root Directory/modules/.
3) The Prestashop GDPR plugin is all set to be installed in the store. Go to the Store Admin and then to ‘Modules and Services’.
4) Click on the “Install” button just next to your module. It would show a pop-up for your confirmation. Click on “Proceed with the installation” option. This step will install the module and show notification – “Module(s) installed successfully”.
5) Once the installation is complete, you will get the access to the admin interface of the module by clicking on the “Configure” button.
Admin Interface of Prestashop GDPR Addon
In the admin section of the Prestashop GDPR Customer rights module following options are available:
1) GDPR Settings
2) GDPR Forgot Request
3) GDPR Anonymous Request
4) GDPR Email Templates
GDPR Settings
The GDPR Settings tab of the Prestashop GDPR Addon allows the store admin to enable the rights of the customer. The Settings tab of the Prestashop GDPR module has the following options:
1) Enable the Plugin:
As per the requirement, admin can Enable/Disable the data deletion and data anonymization option for the customer.
2) Maximum request per day:
The customer can request for the deletion of the data, the admin can set the limit for the requests by each user on daily basis. It will be recommended to set the maximum requests per day to a minimum number to avoid the spam requests.
3) Data anonymization request:
If the setting for the Right to be Anonymous is enabled from the admin panel of the Prestashop GDPR addon – data deletion and data anonymization, then the customer will be able to make a request for data anonymization. As soon as the customer will request for the data anonymization a confirmation email will be sent to the customer. As per the customer’s confirmation, customer details will be anonymized. Admin has the choice to anonymize the personal details of the customer like Name and email-id. The admin has the option to override the changes to the previous orders.
Enable the Data anonymization settings:
If the data anonymization settings are enabled from the admin interface of the Prestashop GDPR module then the customer will be able to request for the data anonymization and in this case, only customer name will be replaced by the random name.
If a customer request for the Data anonymization, then a confirmation email will be sent to the registered email address and the customer will be requested to confirm the request.
Email confirmation:
After requesting for the data anonymization customer will receive an email with a request to confirm the data anonymization request.
Note:
In case you are using the third-party services and sharing the customer data with third-party, then you need to make the required changes as per the procedure followed by the service provider. This GDPR module will anonymize the data which you have stored in your database only. The data anonymization process is just like the data deletion request.
4) Enable to update information in Order:
If a customer requests to make his/her information anonymous then admin can select the option to enable/disable the changes to the previous orders. If this setting is enabled from the admin interface of the Prestashop GDPR addon then the previous order details will be overridden.
5) Enable to generate Fake Email ID:
Admin has the choice to enable the settings to replace the customer’s email id by the system generated email-id. If the customer would like to anonymize his/her email id then they can submit the request for email id anonymization.
If the customer submits the request to anonymize the email id also. Then the customer email id will be replaced by a system generated an email.
The customer can save the system generated email id to access his/her account.
6) Enable right to be Forgotten:
The new GDPR Directives allow the customer to erase their personal data. By using the Prestashop GDPR Addon module by Knowband, the admin can provide an interface to the customers to raise requests for the data deletion.
The data deletion report request interface for the customer will be as below:
After requesting for the Account deletion the customer will be notified that an email with the confirmation request has been sent to the registered email id.
Note:
1) It is recommended to consult with your legal team before enabling this setting. After deleting the customer’s personal data it cannot be retrieved. Admin has the option to enable the delete order setting which has been explained in the next topic.
2) In case you are sharing the customer data with third-party service providers then you need to delete the customer data manually. As of now, this module does not support the feature to delete the data shared with the third-party service providers.
Example: If you are using MailChimp for sending promotional emails then you have to delete the customer details from MailChimp list manually.
9) Enable to Delete Orders:
If a customer has requested for the data deletion request under the GDPR, then the admin has the choice to delete the personal data of the customer along with the previous order details. If this setting is not enabled from the admin interface of the GDPR module then only personal data will be deleted and order information will remain as it is.
Note:
It is recommended to consult with your legal team before enabling the order deletion settings. The order details deleted from the system cannot be retrieved.
8) Enable Store Policy Acceptance:
If a customer would like to raise a request under GDPR rights then admin can add the condition to accept the Privacy Policy link before requesting for the Account Deletion or Data Anonymization. The admin interface of the Prestashop General data Protection Regulation addon allows the store admin to enable the setting so that for each request customer need to accept the terms and policy.
9) Store Policy Page:
Admin can add the URL of the page on which all the Terms and Conditions are listed. The customer can check the Terms and Conditions by clicking the link available with the message at the time of raising the request.
10) Display Header Menu
Display Header Menu option of the Prestashop GDPR compliance addon allows the store admin to display the GDPR option in the header section of the website. By enabling “Display Header Menu” setting of the Prestashop GDPR addon, store admin can allow the guest users to access the GDPR rights.
11) Header Menu Text
Admin can define the text for the Header Menu.
GDPR Forgot Request
The Prestashop GDPR Addon keeps the log of all the data deletion requests. This log is helpful for the admin to verify that the customer details have been deleted or not. Admin can also use this log to remove the customer data from the third-party service providers.
Note:
As soon as a customer request for the deletion of his/her details a confirmation email will be sent to the customer. As per the customer’s confirmation, the details of the customer will be deleted from the system.
The Prestashop GDPR Module allows the admin to exclude the previous orders so that only the personal details of the customer will be deleted but order details will be saved for the future reference. Please use this setting carefully because the data deleted once cannot be retrieved. It is strongly recommended to consult with your legal team to make sure how to use this setting.
The Prestashop GDPR Module only deletes the customer data from the store database. If you share the customer data with the third-party service providers (eg. MailChimp) or store it on the third-party platform (eg. Google Drive) then you need to delete the customer data from these platforms manually.
GDPR Anonymous Request
The Prestashop GDPR Addon keeps the log of the Data Anonymization requests. Admin can use this log to verify the status of the data anonymization requests.
GDPR Email Templates
The Prestashop GDPR Addon by Knowband allows the admin to send following emails to the customer on raising a request under the GDPR.
- Confirm Your GDPR Account Deletion Request
- Confirm Your GDPR Personal Data Anonymous Request
- Customer has confirmed GDPR Request
Confirm Your GDPR Account Deletion Request
Admin can update the Subject line and the email text by using the GDPR Email Template Settings.
The default format of the email template is as below:
Confirm Your GDPR Personal Data Anonymous Request
Admin can update the Subject line and the email text by using the GDPR Email Template Settings.
the default format of the email template is as below:
Customer has confirmed GDPR Request
Note: The purpose of these features is to help you to meet with the GDPR requirements. Installing this module only does not guarantee merchant sites’ compliance with the new obligations imposed by the GDPR. It is your responsibility to put in place all the necessary measures to ensure you comply.