GDPR is General Data Protection Rule as created by Europe. Basic bottom line is that it possibly affects all ecommerce world-wide. The truth is no one really knows what will happen for cart owners outside of Europe but be aware you could be affected. I read a number of articles before started this and in reality all I gleaned was that the GDPR is a very long winded policy with no details that are instructive to small cart owners.
This page by a US based lawyer does address American companies though.
"There may be bona fide legal questions as to whether the EU actually has the legal authority to impose GDPR requirements on U.S. businesses that have no physical presence in the EU or EEA. It is therefore possible that, before or after May 25, one or more U.S. companies will seek a declaratory judgment in a U.S. court to the effect that some of the GDPR’s purported applications to U.S. companies are invalid."
I admit I got caught off guard by this – I'm out house hunting in Maine and not paying attention to a lot of things but I really have not noticed any thing being sent out about the GDPR by my usual sources. Zen Cart did send out something finally on the deadline day of May 25 and here's the official statement/instructions: https://www.zen-cart.com/entry.php?10-GDPR-FAQ-for-Storeowners.
There are some common sense things to do immediately, however, some of which I always recommend to site owners anyway.
Add a privacy page to your website and then turn on the privacy requirement for account creation.
Zen Cart has a define page for privacy already and if you are showing the information box, that link can be turned on / off in your admin under configuration > Define Page Status. If you aren't using the information box, you can add an ez page link to the footer easily. If you haven't done that before or want to read up on it, there is a tutorial on the Zen Cart forum here.
What should be in the privacy page?
Transparency is the key. State what personal data you retain name, addresss, phone number, age – oops, jump back there a bit. Default for zen cart requires several bits that most websites have no reason to retain such as age/birth date and sex/email salutation. I recommend simplicity – also turn off company and fax number as most folks have no need of those either. (Configuration > Customer Details). The GDPR is also about retention of only necessary information so clean up your cart! Here's a sample of what I'm going to be using for my Zen Cart customers.
Terms & Condidtions
The next step is to turn on the terms & conditions for checkout. The define page for terms and conditions could be just simply a link to the privacy page. Anyone who registers after you turn on the confirm privacy for account creation does see it and agrees to it but a returning customer needs to see it as well.
And then there are technical headaches. In reality, deleting a customer does not delete the order info. Some pundits have opined that a sale is a contractual agreement and therefore is exempt. Of course these folks aren't lawyers – but wait, most US lawyers are not conversant on European law. The issues facing non-European companies are many and more so for the small business.
One of the British developers has released a Zen Cart mod with verbage and alteratons that helps. Contact me if you want to have it installed. Price will depend on your present mods and template.
So in the meantime, if you are a European company, I suggest installing the mod as your first step. Non-European companies can start with just verbage for the privacy and terms & conditions as well as turning on the links or go ahead and install the mod (which is not easily accessible right now).
I have integrated this into my base responsive template so if you are also looking to upgrade to a mobile-friendly template or are not satisfied with your present one, let me help!
An interesting note – a number of US companies and non-European developers are opting to block European users. I am proud of my global business and welcome my European users. We can all work together to get this right!