Not rendering correctly? View this email as a web page here.

Hi Site Owner,

Preparing your CoreCommerce store for GDPR

By now you have likely heard about the General Data Protection Regulation (GDPR), which comes into force on May 25th, 2018. It aims to protect the fundamental right to privacy and the protection of personal data of European Union (EU) citizens. GDPR also addresses the export of personal data outside the EU. All companies processing and holding personal data of EU citizens, regardless of location, are subject to GDPR. Any entity (including websites) that processes EU citizens' personal data, markets in the EU, has site visitors from the EU, whether or not your business is located in the EU, is affected by this regulation.

CoreCommerce has made modifications to its Admin system which can be seen below and we have also updated our privacy policy to accommodate and comply with GDPR for our site visitors and clients from the EU.

What changes have been made to the Admin system for GDPR?

Data retrieval and erase feature

Under GDPR, your clients have the ability to download and view the personal data you have collected on them. This is found under the My Account login section of your website hosted by CoreCommerce. A consumer can also delete the personal information you have about them.

consumer gdpr view

As the store owner / manager, you have the ability to click on any customer and retrieve, download and send information to your customers. Choose any customer by name and you have have the new EU options in the black and red boxes.


admin data erase gdpr

Data Correction

Another tenet of GDPR is the ability to edit and correct the personal information on your customers. Our Admin customer tab already allows you to view and edit customer data.

What happens to the order history once a customer's personal information has been deleted?

The CoreCommerce system will retain the order information and replace the name and address information with generic data, such as GDPR customer 1, 2, 3, etc. This way your order history, sales data and other company related information remains correct, all that we change is the name of the customer to unidentifiable entity.

Cookies Notification Bar

Visitors to your website will be prompted to acknowledge that cookies are used on your site.  This prompt only occurs once and if clicked, does not appear to your visitors again. To turn this notification on, go to the top right of your Admin home screen, choose the Settings gear icon > Store Settings > Localization

store setting gear

To enable a cookies notification bar on your homepage header or footer, enable this slider.

cookie notification bar 2018-1

The notification bar will look like this line below:

Screen Shot 2018-05-22 at 4.04.08 PM

Additional, and hopefully helpful, information related to GDPR

  • GDPR gives people the right to access, correct, delete, and restrict processing of their data, and sets out strict guidelines about how you need to get customers to agree that you can use their data (aka, consent). This is especially important if you're using your customers’ data for purposes beyond simply filling orders, like for marketing or advertising.
  • GDPR also makes it the merchant responsibility to protect that data (even if you’re using a processor like CoreCommerce to actually store that data), and to make sure that your customers and website visitors can exercise all the rights they now have.
  • What is personal info? If you collect or store any information that can be linked to an individual, that counts as personal data. Name, phone, email, location data, IP address, online Identifier such as "cookies".
  • Things to ask yourself:
    • Do you need to update your privacy policy, or change the disclosures you make to your customers?
    • If you’re using third party applications or themes to support your store, do those apps or themes comply with GDPR? Sending marketing campaigns requires consent from your site visitors. If you're using our newsletters, MailChimp, Constant Contact or any other email marketing tools, this applies to you. While it is not obligatory under the GDPR when sending marketing emails to your own existing customers, you may request 'explicit consent' from your site visitors before sending them any marketing materials. In many cases, this can be accomplished by a check box next to your 'Subscribe' button, obliging your site visitors to check the box and confirm consent before subscribing to the newsletter.
    • Another reference point for more information and to familiarize yourself with the policies is GDPRandYou.

All of our servers will have the new functionality by 9:00am cst on the 24th. Please contact us at or start a chat with us if you have any questions about our GDPR strategy.


Michael Thompson, CEO