On May 25, 2018, a new landmark privacy law called the General Data Protection Regulation (GDPR) will take effect, impacting every retailer conducting business in the European Union (EU). The GDPR expands the data privacy rights of EU citizens and places new obligations on merchants who handle EU-based personal data. Salesforce Commerce Cloud is here to help our customers prepare for this major change.
The GDPR replaces the patchwork of national data protection laws currently in place with a single set of rules. Merchants established in the EU who process personal data fall under the purview of the GDPR. The GDPR also extends to merchants established outside the EU if they are transacting business in the EU by, for example, offering goods or services or monitoring the online behavior of EU data subjects.
As we’ve spoken with customers about the GDPR, we’ve compiled a list of three key takeaways all Commerce Cloud merchants should be aware of:
Salesforce will serve as an enabler of tools and features to help comply with the GDPR, and we recommend each merchant take steps to ready themselves. The GDPR will impact each merchant differently depending on their own implementation of Commerce Cloud. Merchants will be responsible to take action to ensure their own compliance.
In preparation, the Salesforce infrastructure, product, and legal teams have closely analyzed the GDPR requirements related to common ecommerce use-cases. In fact, Commerce Cloud’s best-in-class privacy and security standards, along with robust platform capabilities already meet many of the GDPR requirements. In the areas where additional requirements are needed, we are working to build further enhancements:
Similar to existing privacy laws, compliance with the GDPR requires a partnership between Salesforce and our merchants, and we welcome an open dialogue to ensure full preparation.