How does the GDPR affect you?

The General Data Protection Regulation (GDPR) affects any Shopify merchant who is based in Europe or who serves European customers. While Shopify is working hard to make sure that it complies with the GDPR, and allows its merchants to comply, as of May 25, 2018, it is important to note that the GDPR will also require you to take action independently of the Shopify platform.

Shopify wants to help place merchants in the best possible position to comply with the law. This article includes questions you should consider to help you assess your obligations and make sure that you have set up your store in a way that complies with the law.

That said, this is not legal advice. The GDPR is a complicated regulation, and it will apply differently to different merchants. You should consult with a lawyer to figure out what you specifically need to do.

For information about processing data requests, see Processing GDPR data requests.

Why can't Shopify handle GDPR compliance for merchants?

The GDPR imposes different obligations on controllers and processors of data. As a processor of data, Shopify fulfills its own legal obligations under the GDPR. However, merchants (as controllers) also have their own separate obligations that they must consider.

Shopify provides merchants with a platform that can be configured to be GDPR compliant, but you must consider for yourself how you would like to run your business.

For further guidance, the following regulators within the European Union have provided specific guidance on the GDPR:

  • ICO - Guide to data protection.

  • Irish Data Protection Commissioner - GDPR.

  • CNIL - Règlement européen: se préparer en 6 étapes.

Collecting personal data

The GDPR protects the fundamental rights of individuals within the European Union in relation to the processing of personal data.

Examples of personal data include:

  • Name

  • Address

  • Email address

  • Social media account

  • Digital identifier such as an IP address or a cookie ID.

Think about the following questions:

  • Are you collecting personal data from customers in Europe? Most websites are available to residents of Europe, and will fall under the GDPR.

  • If your store uses third-party apps or themes, do they collect and process data in accordance with the GDPR? To simplify this process, Shopify is requiring all apps to post a privacy policy detailing their data handling practices, so that you can assess whether you are comfortable with that app’s data practices. Shopify-developed apps fall under the Data Processing Addendum, and Shopify is responsible for their compliance.

  • Do the channels or payment gateways you use collect and process data in accordance with the GDPR? You should follow up with them to make sure.

  • Do you have a list of all of the types of personal data that you collect from your customers, and all of the ways in which you use this data? Article 30 of the GDPR requires you to maintain a current map of your data practices.