Data privacy regulations require businesses to gain more explicit consent to collect and use data from individuals in the European Union.
The EU General Data Protection Regulation, or GDPR, places the responsibility on businesses to give individuals more control over their personal data. And it's not limited to European businesses. You should consult a lawyer if you have any questions about how GDPR applies to your business, but, in general, any company offering goods or services to individuals in the EU must comply.
BigCommerce merchants achieve GDPR compliance with features and capabilities that allow them to:
If you transfer an individual's personal data to vendors — such as integrations or third-party apps — verify that they are GDPR compliant.
Take steps to make sure your customers' data is secure, and if there's a breach, disclose it to the Supervisory Authority within 72 hours.
Explicitly ask for consent before collecting personal data, and be transparent and specific about the way it's being collected and used.
BigCommerce meets and exceeds the privacy standards required by the GDPR. While all our servers are located in the US, we are participants in the EU-US Privacy Shield Framework.
We're committed to providing ways to integrate securely with third-party apps to manage your BigCommerce store and help you make informed decisions.
As a component of our ongoing commitment to data security, we are actively planning for our ISO 27001 certification, the highest level of information security.
Our cookie policy allows merchants to explain what cookies BigCommerce places on their buyers' web browsers (this does not include third-party integration cookies). We give merchants the ability to block cookies used to provide insights and analytics, and we're building new solutions to provide analytics without cookies.
We've worked hard to stay ahead of GDPR and go above and beyond to maintain compliance. Here's how you can count on BigCommerce to comply with these new data privacy rules:
BigCommerce has appointed data protection leader Christopher Beckett to ensure compliance with regulatory requirements and provide clarity moving forward.
We continue to catalog data processing activities to ensure that collection, processing, and dissemination stay GDPR compliant.
We have assessed vendors for our core platform with whom BigCommerce shares personal data.
BigCommerce has implemented GDPR-compliant protocols, like data breach response policies and an updated privacy policy.
Disclaimer: The information on this page is for guidance only and does not constitute legal or professional advice. Always consult a qualified lawyer on any specific legal problem or matter. BigCommerce disclaims all liability with respect to the information in this document.