General Data Protection Regulation

This is one in a series of topics to help Magento merchants and developers understand the implications of the General Data Protection Regulation (GDPR). The information is intended for informational purposes only and should not be construed as legal advice. Consult with your legal counsel to determine whether and how your business should comply with any legal obligations.

The European Union (EU) enacted General Data Protection Regulation (GDPR) to give its citizens more control over their personal data. GDPR applies to any organization operating within the EU. It also applies to organizations outside of the EU that offer goods or services to customers or businesses in the EU.

System integrators can use the data flow diagrams and database information in the Personal Information Reference to build scripts to resolve use cases similar to the following:

  • A shopper asks for a copy of the data the merchant has stored about them
  • A shopper requests that all information about them be deleted

Personal Information Reference

For technical information, see the data flow diagrams and database entity mappings in the Personal Information Reference that applies to each version of Magento that you support.

For more information about how Magento helps merchants comply with GDPR, see the following: