How to Set Up GDPR Compliance


Introduction

This article will help you set up your database to comply with the European Union's General Data Protection Regulation (GDPR). When you enable GDPR Mode, users will need to opt in to having their personal information stored in your database. New users will need to opt in to create accounts, and existing users will need to opt in to access their accounts.
 
Important Note: Please contact us at support@configio.com if you have any questions or concerns regarding this feature.

Enabling Marketing Email Opt-In by Country

Log into your administrative console and navigate to Settings -> Setup -> Countries and States. You will see an Edit Icon on each Country.
 
Selecting it allows you to edit the Require Email Opt-In value. For each relevant Country, check the box and select the Update Button.

Now, whenever a customer selects that Country as part of their account address, they will be asked to opt in to marketing emails.

Adding Privacy Policy Links

You can add a link to your privacy policy to your page footers. Go to Settings -> Setup -> Shopping Cart Help & Layout. You will see an Edit Icon on each page.
 
Clicking Edit allows you to edit the page footer. Insert text. Use the link tool to link to your privacy policy and select the Ok button.
 
Select the Save button.
 
Repeat this for each page that you want to contain a link to your privacy policy. You may decide that the product search, create account, login, payment, process order, money request, disclaimer, and certain other pages are the only ones that need a link; that decision is yours.
 
First Note: If you do not have a publicly accessible privacy policy URL, you can create a Web Content page.
 
Second Note: Your privacy policy should include information about cookies.
 
Third Note: You can also provide the direct HTML of the link to Configio Support, and they can add it to the footer of every page.

Asking for and Requiring Addresses on Account Creation

Each time a customer creates an account, you can ask them for their address, and you can require them to submit it in order to create the account. Go to Settings -> Setup -> Configuration. Turn ON the configuration titled "Ask for address when creating an Account" and click the Save button.
 
Repeat this for the configuration titled "Require Address to create an Account."

Disabling Guest Checkout

It is a best practice to not allow for Guest Checkout because these customers will not be able to request their information to be forgotten. Minors must be approved before they can be registered as participants, and Guest Checkout does not allow for users to log back into the site after their pending participant has been approved. Go to Settings -> Setup -> Configuration. Turn OFF the configuration titled "Enable Anonymous/Guest Checkout" and click the Save button.

Customizing Messaging Configurations

There are several configurations related to messages displayed to users regarding the feature. Go to Settings -> Setup -> Configuration. Search for "personal." Review the default values in the System section, make changes as necessary, and select the Save button.
 
In particular, the value for the "Save personal information opt-in checkbox label" should reflect "I agree to your privacy policy," etc. Also the "Save personal information opt-in info message" should reflect that the privacy policy is available in the footer, etc. Additionally, the Associated Opt In and Opt Out warning configs should be adjusted with terms that make the most sense for you.

Turning On the Primary Configuration

Go to Settings -> Setup -> Configuration. The primary configuration is titled "Turn on to enable GDPR mode (General Data Protection Regulation (EU)." Search for it, turn it ON, and click the "Save" button.

Making Age Related Configurations

There are several configurations related to data about minors. Search for "minimum age" and make the following changes. Turn OFF the configuration "Ignore minimum age required to create an account config when in admin." Set the configurations "Minimum Age Required to create an Account" and "Participant minimum age pending state" to what your primary locality recognizes as the minimum age of an adult. Select the "Save" button.

Requiring Birthdates for Accounts

You must require birthdates on accounts. This is handled by an Account Form Question. Navigate to Settings -> Assignments -> Forms, search for your Account Form, and select the Edit Questions icon.

If you already are asking the birthdate question, select the Edit Icon. If not, select "Add New Question."

Then select "Birthdate."

Whether you are editing an existing question or adding a new one, ensure that "Required" is selected and click the "Save" button.

Requiring Birthdates for Participants

You must require birthdates on participants. This is handled by system configurations. Search for "birthdate," turn ON the configurations titled "Require Birthdate to create a participant" and "Ask for Birthdate when creating a participant," and select the "Save" button.

Adding Contact Information to Verify Minors

Customers who create participants that are in a pending state due to their age will see a message. The message will contain contact information so that they can notify you to get their participant verified.
 
That information comes from the Print Email and Print Phone configurations. If you want to include contact information in the message, ensure that those configurations have good values. Go to Settings -> Setup -> Configuration. Search for "print." Review the values for Print Email and Print Phone, make changes as necessary, and select the Save button.

Creating Email Messages

There are five types of email messages related to this feature. Below is a list of them with their descriptions.
 
Account My Information Request: This email is sent to GDPR Managers when account data is requested.
Participant My Information Request: This email is sent to GDPR Managers when participant data is requested.
 
Account Forget My Information Request: This email is sent to GDPR Managers when account data is requested to be forgotten.
Participant Forget My Information Request: This email is sent to GDPR Managers when participant data is requested to be forgotten.

Forget My Information Complete: After personal information has been forgotten from the database, this email is sent to the Administrator who submitted the request.
 
To create them, go to Settings -> Assignments -> Email Messages. Select the "Add New Email" button.
 
Select the type, input a title, and select the Save button.
 
Create the email message and select the "Save" button. See the Creating Email Messages article for more information.

Making an Administrator a GDPR Manager

GDPR Managers receive messages when there are requests for information or when there are requests for information to be forgotten. To make an Administrative User a GDPR Manager, go to Settings -> Setup -> Users. Select the Edit Icon.
 
Check "GDPR Manager" and click the Save button.