1.0 Introduction
The General Data Protection Regulation (GDPR) replaces the European Union Data Protection Directive and will be enforced on May 25, 2018. The new directives have been passed to account for new technologies and business advances, and they introduce a new approach to the protection of personal data.
1.1 New Data Protection Rights under GDPR
1) Transparent information, communication, and modalities for the exercise of the rights of the data subject
2) Information to be provided where personal data are collected from the data subject
3) The right of access by the data subject
4) Right to rectification
5) Right to erasure (‘right to be forgotten’)
6) Right to restriction of processing
7) Notification obligation regarding rectification or erasure of personal data or restriction of processing
8) Right to data portability
9) Right to object
10) Automated individual decision-making, including profiling
Under GDPR it is mandatory for store owners to provide thorough information about how the personal data of customers will be processed. This information can be given on the Privacy Policy page. The information on the Privacy page should be concise, transparent, intelligible, and easily accessible, in clear and plain language, and free of charge.
1.2 How Prestashop GDPR module by Knowband helps the sellers to comply with GDPR?
The PrestaShop GDPR Module by Knowband helps sellers comply with the GDPR directives without any extra effort. By installing the GDPR module, admin can display the GDPR Tools option on the customer's account details page at the front-end. The GDPR module handles the following requests:
1) Cookies Consent Bar
2) Right of access to the personal data
3) Right to data portability
4) Right to be anonymous
5) Right to be forgotten
6) Right to data rectification
7) Right to restriction of processing (coming soon)
8) Rights related to the automated decision making
Additional features offered by Prestashop GDPR Module:
- Cookie consent bar: Admin can display the cookie consent bar on the website. The Cookie option also blocks the cookies used by the third party modules.
- Checkboxes for the user consent on the registration and contact form: The Prestashop GDPR Addon allows the store admin to display the additional checkboxes on the Registration and Contact form.
- Data download from the admin: Admin can download the personal data of the customer in CSV format so that it can be shared with the customer.
- Data Deletion option: Admin can delete the customer data from the back-office.
- GDPR Request Log: The Prestashop GDPR Module keeps the log of GDPR requests, as a proof of the processing of the requests.
- GDPR request retention period: Admin can set the retention period for the GDPR requests received. After the set duration, the GDPR request data will be deleted.
- Email templates: Prestashop GDPR Module offers a number of email templates that help to automate the process.
- Guest User: Guest users can also request their personal details with ease.
- Geo Location Targeting: The online merchant can set IP address and select country/regions for showing specific GDPR functionalities like cookie consent bar, user consent check-box, GDPR links in my account page and GDPR header menu link.
Customer Interface of the Prestashop GDPR Module
A logged-in customer can access the GDPR rights from the My Account section. A separate GDPR tab is visible there; by opening this tab, the logged-in user can access the GDPR rights. Please refer to the attached screenshot:
On clicking the GDPR tab a new page will get opened. Here all the GDPR rights of the customer (enabled by the admin) will be listed and customer can access any of these rights with ease.
As per the requirement, the admin has the choice to enable/disable any of these rights.
2.0 Installation of Prestashop GDPR Module
After placing your order for the Prestashop GDPR module you can download the zip file of the module. This zip file contains:
1) GDPR.zip (source code of the module)
2) User Manual
In order to install the extension in your Prestashop store follow the below-mentioned steps:
1) Unzip the gdpr.zip file.
2) Copy the entire content, that is, the files and folders of the unzipped folder. Paste the same into the “Modules” folder of your store’s directory. Follow the below-mentioned address path – Root Directory/modules/.
3) The Prestashop GDPR plugin is all set to be installed in the store. Go to the Store Admin and then to ‘Modules and Services’.
4) Click on the “Install” button just next to your module. It would show a pop-up for your confirmation. Click on “Proceed with the installation” option. This step will install the module and show notification – “Module(s) installed successfully”.
3.0 Admin Interface of Prestashop GDPR Addon
In the admin section of the Prestashop GDPR Customer rights module following options are available:
1) GDPR Settings
2) EU Cookie Law
3) User Consent
4) GDPR Data Portability
5) GDPR Forgot Request
6) GDPR Anonymous Request
7) GDPR Rectification Request
8) GDPR Personal Data Request
9) GDPR Automated Decision Making
10) GDPR Email Templates
11) GDPR Geo Targeting
12) GDPR Crons
3.1 GDPR Settings
The GDPR Settings tab of the Prestashop GDPR Customer Rights module allows the store admin to enable/disable the customer’s rights. As per the settings enabled by the admin, the customer will be able to access the rights from his/her account. Please refer to the attached screenshot below:
The Settings tab of the GDPR module has following options:
3.1.1 Enable the Plugin
As per the requirement, admin can Enable/Disable the Prestashop GDPR Compliance Plugin. The module works only when Enable the Plugin is set to Yes.
3.1.2 Maximum request per day
Customers have the right to request their personal data. Admin can set a daily limit on these requests. It is recommended to keep the maximum requests per day low to avoid spam requests.
3.1.3 Enable Right of access to personal data
The right of access to personal data allows the customers to check their personal details which they have shared with the data controller.
Customers can check their personal details by logging into their account only if this setting is enabled from the admin interface of the Prestashop GDPR addon. The screenshot of the customer end has been attached below:
Step 1:
Request for the GDPR Personal Data report – Prestashop GDPR Addon
As soon as the customer requests the GDPR personal data report, the customer is notified that an email with the confirmation link has been sent to the entered email address.
Step 2:
Confirm the GDPR Request.
Step 3:
As soon as the customer confirms the GDPR Personal Data Request, an email with the customer details is sent to the customer.
3.1.4 Enable Right to Data Portability
The right to data portability allows the customer to download his/her personal data so that he/she can share this data with another data controller with ease.
Customers can download their personal data in CSV format only if this setting is enabled from the admin interface of the Prestashop GDPR Module. As of now, the Prestashop GDPR Module allows customers to download the following personal data: Account information, Address details, Order details. The screenshot of the interface at the customer end has been attached below:
Personal Information Report:
3.1.5 Enable Right to be Anonymous
If the setting for the Right to be Anonymous is enabled from the admin panel of the Prestashop GDPR addon, the customer can make a request for data anonymization. As soon as the customer requests data anonymization, a confirmation email is sent to the customer. If the customer confirms the data anonymization request, personal details like Name and Email Id are replaced by random details, as per the settings enabled by the admin. To process the data anonymization request, the Prestashop admin has the following option:
• Enable Right to be Anonymous: If this setting is enabled by the admin, the customer can request data anonymization, but in this case only the name of the customer will be anonymized.
As soon as a customer registers a data anonymization request, the customer is asked to confirm the request over email.
Email confirmation:
On requesting data anonymization, the customer receives an email at the entered email address with a request to confirm the data anonymization request.
Note:
If you use third-party services and share customer data with a third party, you need to make the required changes as per the procedure followed by the service provider. This GDPR module anonymizes only the data stored in your own database.
3.1.6 Enable to update information in Order
If a customer requests to make his/her information anonymous, admin can enable/disable changes to the previous orders. If this setting is enabled from the admin interface of the Prestashop GDPR addon, the previous order details will also be replaced.
3.1.7 Enable to generate Fake Email ID
If a customer raises a request for data anonymization, admin can select the option to replace the customer’s email id with a fake email id. Please refer to the attached screenshot:
If the customer also submits the request to anonymize the email id, the customer’s email id will be replaced by a system-generated email id.
The customer can use the system generated email id for accessing the account.
3.1.8 Enable right to be Forgotten
As per the new GDPR Directives, the customer has the right to be forgotten. If this setting is enabled from the admin interface of the Prestashop GDPR Compliance Module, the customer can request the deletion of his/her data by accessing his/her account. After the request is received, a confirmation email is sent to the customer and, upon the customer’s approval, the entire details of the customer are deleted from the database.
The forgotten request interface for the customer will be as below:
Customer will be notified that an email with the confirmation request has been sent to the registered email id.
To handle the data deletion option admin has the following options from the back-office:
- Enable right to be forgotten: Admin can enable this right for the customers. Customers can request data deletion only if it is enabled.
- Action to be taken for orders: In order to process the data deletion requests, admin can select the action for the previous orders: Delete orders, Random data fill, or No Action for orders. If the Delete Order option is selected, the order is deleted. In the case of random fill, the personal details of the customer are replaced by random data but the order and product details remain as they are. This helps the admin to maintain the statistics of orders and product sales. In the case of No Action, the previous order details remain as they are.
- Time to process request deletion: Admin can choose to delete the customer data immediately or after some time. The Prestashop GDPR Addon allows the customer data to be deleted after a fixed time interval, and admin can set up the cron to automate the process.
In order to complete the data deletion request go to the Data Forgot tab of the Prestashop GDPR Addon module and click on the “Process Forgot Request”.
Admin can also set up the cron job to automate the process.
Note:
1) It is recommended to consult with your legal team before enabling data deletion settings. After deleting the customer’s personal data it cannot be retrieved. Admin has the option to enable the delete order setting which has been explained in the next topic.
2) In case you are sharing the customer data with third-party service providers then you need to delete the customer data manually. As of now, this module does not support the feature to delete the data shared with the third-party service providers.
Example: If you are using MailChimp for sending promotional emails then you have to delete the customer details from MailChimp list manually.
3.1.9 Enable the right to data rectification
A customer has the right to update the incorrect personal data. The Prestashop GDPR Customer Rights Module allows the store admin to let the customer modify the personal data like personal details, address etc.
3.1.10 Enable Right to Restriction of Processing
This feature will be updated soon.
3.1.11 Enable Rights in relation to automated decision making and profiling
If this setting is enabled from the admin panel of the Prestashop GDPR compliance module, the store admin can list the services which make decisions by automated means. If a customer requests the services which make decisions by automated means, the customer gets an email to confirm the request. As soon as the user confirms the request, the user is redirected to a new link. Here all the services with automated decision making are listed and the user can select the ones he/she would like to continue.
3.1.12 Enable Store Policy Acceptance
If a customer would like to raise a request under GDPR rights, admin can require the customer to accept the Terms and Conditions before raising a GDPR request for Personal Data, Account Deletion or Data Anonymization.
3.1.13 Store Policy Page
Admin can add the URL of the page on which all the Terms and Conditions are listed. The customer can check the Terms and Conditions by clicking the link available with the message at the time of raising the request.
3.1.14 Services/ Other locations where you store customer data
If you use third-party services and share customer data with them, list all the third-party service providers here. This information will be sent to the customer if he/she requests the Personal Data.
3.1.15 Physical locations of servers where you host your website and other data
You can mention the server location here, where you store the customer data.
3.1.16 Purge Request Day
This option allows the store admin to set the retention period for the GDPR requests. As per the number of days entered by the store admin the GDPR request data will be deleted from the database. Cron setup is available for automating the process.
3.1.17 Display Header Menu
Display Header Menu option of the Prestashop GDPR compliance addon allows the store admin to display the GDPR option in the header section of the website. By enabling “Display Header Menu” setting of the Prestashop GDPR addon, store admin can allow the guest users to access the GDPR rights.
3.1.18 Header Menu Text
Admin can define the text for the Header Menu.
3.1.19 Admin Email Address
The online store admin can enter his email address for getting GDPR-related e-mail notifications. The Prestashop GDPR Module provides an option in the General setting tab to add an admin email, so that mail is received/sent using that email address instead of the default shop email address.
3.2 Cookie Consent Bar
It is mandatory for online store owners to display a message that the website uses cookies (if you use cookies for a better customer experience), with the option to accept or discard the cookie acceptance. The Prestashop GDPR Module allows the store admin to display the Cookie Consent Bar at the front end with the option to accept the cookie or discard the message. Admin can easily customize the appearance settings as well as the message on the cookie bar.
The Cookie Consent Bar tab has following settings:
In the new version of the Prestashop GDPR Module, the option to block cookies from third-party modules has been added. The new admin interface of the module has the options to set up the Cookie Bar Settings and the Cookie Blocker. Please refer to the attached screenshot:
3.2.1 Cookie Bar Settings
The cookie bar setting tab has two options: Configuration and Appearance.
3.2.1.1 Configuration
Admin has the following options to set up the Cookie Consent Bar.
- Enable the Cookies Consent Bar: The Admin can enable or disable the cookie message on the website.
- Cookie Name: Define the name of the cookie used to record the user consent. Do not use spaces in the cookie name.
- Cookie Lifetime: Cookie Lifetime allows the store admin to set how long the cookie will be stored on the user’s device.
- Terms and Condition of use: The admin can list the cookies details on a Cookie Policy page and add the link to the page on the message displayed to the user.
- Display Close Button: Admin has the option to remove the Close button from the Cookie Consent Bar.
3.2.1.2 Appearance Settings
Admin can easily control the following options for the Cookie Consent Bar.
- Notification Position: Admin can select the position of the Cookie Notice on the Bottom of the page or Top.
- Effect when hiding the notification: Admin can select the options like Fade, Hide or Slide from the drop-down list.
- Notification Message: Admin can easily update the notification message as per the requirement.
- Background Color: Admin can customize the background color of the cookie bar.
- Background Opacity: Admin can set the opacity of the cookie consent bar.
- Notification Message Font Color: Admin can set the notification message font color.
- Background Color of Accept Button: Admin can set the background color for the Accept Button.
- Font Color of Accept Button: Admin can set the font color of the Accept button.
- Background Color of More Information Button: The background color of more information button can be changed to match it with the website theme.
- Font Color of More Information Button: Admin can select the font color to match with the website theme.
3.2.2 Cookie Blocker
The Cookie Blocker interface lists the details of the cookies. Admin has the option to add a Module category. For example, Strictly Necessary Cookies: admin can map under this category all the third-party modules which are required for the proper functioning of the website’s features. To map the modules under the category, admin needs to click the drop-down option as highlighted in the screenshot below.
How to map the modules with the Module Category?
In order to map the third-party modules which use cookies, admin needs to click the drop-down option and then click on Add Modules. This will open a new page with the option to select the modules. Please refer to the screenshot.
Now find the module which you would like to map with the Module Category and click on the Module Name. On clicking the Module Name, the option to enter details regarding the cookie will appear. Please refer to the attached screenshot:
Admin can add multiple module categories and map the modules to these categories with ease. At the front-end, if the user clicks on the Cookie Settings option, he will be able to activate the cookies of his choice. Please refer to the attached screenshot:
Note: Strictly Necessary Cookies will be enabled by default. All other module cookies can be controlled by the customer.
3.3 User Consent
The user consent option allows the store admin to display checkboxes on the Signup and Contact forms. In order to add the checkboxes on the Registration and Contact forms, admin needs to click on the User Consent option. Please refer to the attached screenshot:
Clicking on the User Consent option will open a new window with the option to add the checkboxes on the Registration and Contact forms. Please refer to the attached screenshot:
In order to add a new checkbox, admin needs to click on the + icon as highlighted in the screenshot above. Clicking on the + icon will open a new form to fill in the details. Please refer to the attached screenshot:
- Title: This is for the internal use. The title of the consent box will appear in the back-office details.
- Content: The text entered here will be displayed to the user at the front-end.
- Form Type: Admin can select the Registration Form or the Contact form to display the additional information.
- Consent URL: Admin can add the link to the Privacy Page or Terms and Conditions page.
- Required: Admin has the choice to make the field a mandatory field.
At the front-end the checkbox will appear like below:
The Prestashop GDPR Addon by Knowband also records the user consent. To verify the customer consent, admin needs to navigate to the Customers section. Please refer to the attached screenshot:
3.4 GDPR Data Portability
In the GDPR data portability section of Prestashop GDPR Module, admin can check the status of the data portability requests raised by the customers. Customers can download the personal data like Personal Info, Addresses and Orders in the CSV format. Admin can check the reports of the downloaded data in this section.
New Feature:
The new version of the Prestashop GDPR Module allows the store admin to download the customer data from the back-office. This feature will help the store admin to share the customer data if data has been requested from some other communication channel like email instead of using the website. To download the customer data follow steps mentioned below:
- Go to the GDPR Data Portability Tab
- Click on the Download Customer Data option as highlighted in the screenshot
- On clicking the Download Customer Data a new tab will open. Please refer to the attached screenshot.
On searching by Customer Name or Customer email-id, the details of the customer will appear along with the options to download them. Please refer to the attached screenshot:
From here admin can download the customer details. The downloaded data will be in CSV format.
3.5 GDPR Forgot Request
According to the right to be forgotten under GDPR, the customer can request the deletion of his/her personal details. All the requests registered under “Right to Forgotten” will be listed under the GDPR Forgot Request tab. As per the settings enabled/disabled for the order deletion, order details will be stored or deleted. Admin can easily check the status of the GDPR Forgot requests from the admin interface of the Prestashop GDPR module under the “GDPR Forgot Request” tab.
Note:
- As soon as a customer requests the deletion of his/her details, a confirmation email is sent to the customer. Upon the customer’s confirmation, the details of the customer are deleted from the system.
- The Prestashop GDPR Module only deletes the customer data from the store database. If you share the customer data with third-party service providers (e.g. MailChimp) or store it on a third-party platform (e.g. Google Drive), you need to delete the customer data from these platforms manually.
New Feature:
The new version of the Prestashop GDPR Module allows the store admin to delete the customer data from the back-office. This feature will help the store admin to delete the customer data if the data deletion request has been generated from some other communication channel like email instead of using the website. To delete the customer data follow the steps mentioned below:
- Go to the GDPR Forgot Request Tab
- Click on the Delete Customer’s Data option as highlighted in the screenshot
- On clicking the Delete Customer’s Data a new tab will open. Please refer to the attached screenshot.
- Admin needs to enter the customer name or the email id to find the customer details. The details will appear as below.
From here, admin can check the customer details and also select the option to delete the customer data. Admin can also notify the customer regarding the data deletion through email. Order details will be handled as per the settings enabled under the General Settings for data deletion requests.
Note:
1) If any third party module uses the Prestashop hooks (as per the guidelines of the Prestashop to make the Prestashop modules GDPR Compliant) then the Prestashop GDPR Module by Knowband will allow the store admin to delete the customer data from that module as well.
2) As of now, the Prestashop GDPR Compliance Module by Knowband does not keep the record of the data deletion requests processed from the back-office.
3.6 GDPR Anonymous Request
If the customer would like to make his/her information anonymous so that no one can identify the user from the personal details, the customer can request to anonymize the data. In this case, the customer’s personal data will be replaced by fake details, and a fake email id can also be generated, as per the settings enabled under the GDPR Settings tab of the Prestashop GDPR Compliance Module. If the customer wishes, he/she can continue to use the services by using the fake email id to access his account details. Admin can check the details of the Data Anonymous Request under the GDPR Anonymous Request tab of the Prestashop GDPR Compliance Module.
3.7 GDPR Rectification Request
The customer has the right to modify inaccurate information. The Prestashop GDPR Module allows the customer to modify details like Personal Information, Address, Password, etc. Admin can check the status of the modifications made by the customers under the GDPR Rectification Request.
3.8 GDPR Personal Data Report Request
As per the GDPR Rights, the customer can request the details of the personal data which has been collected by the store admin, along with the details of how the personal data has been used and which other services are using the data of the customer. At the front-end, the customer gets an interface to request the personal data under the My Account section. As soon as the user requests the Personal Data, a confirmation email is sent to the user’s registered email address. Upon confirmation from the user, the personal data details are sent to the user. Admin can check the status and details of the Personal Data Request under the GDPR Personal Data Report Request.
Note:
As of now, the Prestashop GDPR Module by Knowband allows the store admin to share details like Personal Information, Address Details, Newsletter Subscription, D.O.B, Shopping Cart Contents, and Order Details. Admin can also list all the third-party service providers’ details and the physical location of the server along with the details of the hosting company.
3.9 GDPR Email Templates
The GDPR Module by Knowband allows the admin to send the following emails to the customer on raising a request under the GDPR.
- Confirm Your GDPR Account Deletion Request
- Confirm Your GDPR Personal Data Anonymous Request
- Customer has requested for GDPR
- Your GDPR Personal Data Report
- Customer has confirmed GDPR Request
- Confirm Your GDPR Decision Making Request
- Confirm Your GDPR Personal Data Portability Request
3.9.1 Confirm Your GDPR Account Deletion Request
Admin can update the Subject line and the email text by using the GDPR Email Template Settings.
The default format of the email template is as below:
3.9.2 Confirm Your GDPR Personal Data Anonymous Request
Admin can update the Subject line and the email text by using the GDPR Email Template Settings.
The default format of the email template is as below:
3.9.3 Customer has requested for GDPR
This Email template is used to send a confirmation mail to the customer when a customer has requested for Personal Data Report.
The email at the customer end will be like below:
3.9.4 Your GDPR Personal Data Report
This email template will be used to send the Personal Data of the customer requested under the GDPR Right to the access to the Personal Data.
At the customer end the email design will be as below:
3.9.5 Customer has confirmed GDPR Request
3.9.6 Confirm Your GDPR Decision Making Request
This email template will be used to request the customer for the confirmation of the automated decision-making requests.
Email at the Customer end.
3.10 GDPR GEO Targeting
The online store admin can also select any IP address and country/region for showing selected GDPR functionalities. Thus the admin can hide the GDPR functionalities from the countries where these rules are not compulsory.
3.10.1 GEO Targeting using IP address
- Enable/Disable: The store owner can easily activate this functionality.
- Enter the IP address: The online store admin can enter the IP address here. Multiple IP addresses can be entered by separating them with the | (pipe) character.
- Select the GDPR functionality to display: Admin can select the functionalities, i.e. cookie consent bar, user consent check-box, GDPR links in my account page and GDPR header menu link. The selected IP address will be able to view the chosen functionalities.
3.10.2 GEO Targeting using Country
- Enable/Disable: The online store owner can enable or disable the functionality easily.
- Select Country/Region: Admin can select the country from the drop-down list. Admin can select only region or countries.
- Select the GDPR functionality to display: Admin can select the functionalities, i.e. cookie consent bar, user consent check-box, GDPR links in my account page and GDPR header menu link. The selected functionalities will display in those specific countries.
3.11 GDPR CRONS
To help the store admin automate the Data deletion and Purge Request, cron settings are available in the Prestashop GDPR Module. Please refer to the attached screenshot.
Admin can complete the data deletion and Purge Requests by clicking the “Forgot Request” and “Purge Requests” buttons, or set up the cron to automate the process.
Note: The purpose of these features is to help you to meet the GDPR requirements. Installing this module alone does not guarantee merchant sites’ compliance with the new obligations imposed by the GDPR. It is your responsibility to put in place all the necessary measures to ensure you comply.
You may also like:
Knowband GDPR module for Prestashop Admin Demo Link: https://psm.knowband.com/demo/?module=gdpr&demo=admin&referrer=kb&lang=en
Prestashop EU GDPR addon Front Demo: https://psm.knowband.com/demo/?module=gdpr&demo=front&referrer=kb&lang=en
Knowband Prestashop GDPR plugin Addon store link: https://addons.prestashop.com/en/legal/32019-knowband-gdpr-rights-of-individuals.html
Knowband General Data Protection Regulation module YouTube video link: https://www.youtube.com/watch?v=kVCqXyUDfaE&feature=youtu.be
Please contact us at support@knowband.com for any query or custom change request as per your business requirement.