The General Data Protection Regulation (GDPR) is a law that protects personal data for EU residents, which comes into effect on May 2018. Violators of this regulation will be subject to severe monetary penalties of up to 4% of company’s global annual turnover. This is why OroCommerce is offering its new extension for better customer consent management.
Why Install OroCommerce GDPR Extension
One of the GDPR obligations is to give users greater access to their own personal information and let them have more control over it. Your customers are now entitled to get their private information deleted if it is no longer necessary for the purpose it was initially obtained for, or withdraw consent to process this data. With the latest OroCommerce Customer Consent Management extension, complying with GDPR will be easier. The new extension allows you to create and manage customer consents while enabling buyers to view, manage and revoke these in your storefront.
Using the OroCommerce Consent Management Extension
The new OroCommerce Consent Management extension provides a flexible approach to collecting and managing customer consents. Once you download the extension from our Marketplace and install it, your company’s security officers or other authorized users can enable, configure, and manage user consents straight from the OroCommerce management console.
Enable and configure user consents
Consents are disabled by default but can be activated globally in the system configuration.
After you’ve enabled this option, the new Consent Management menu appears in the list of system configuration menus.
The extension also supports managing site-specific consents to all of your websites if you operate more than one.
Create different types of consents
The extension gives the ability to create mandatory and optional consents in OroCommerce. Mandatory consents are used to prevent customers from starting the checkout process or creating RFQs on the storefront unless they accept the terms and conditions. Optional consents can be used to obtain customer permissions to send newsletters, product updates or information on sales and discounts. You can also localize user consents by providing their descriptions in a language that will make the most sense for your customers.
Enable consents for the storefront
You can add necessary consents to the Enabled Consents list so that they are displayed in the storefront. If there’re several consents you’d like to show to customers, you can rearrange their order.
Storefront consents can be also enabled on the website level.
Receive declined consent notifications as contact requests
With the ‘Declined Consent Notification’ option enabled for a particular consent, the system alerts whenever a customer declines consent in the OroCommerce storefront. Declined consent notifications are created in the management console as contact requests.
Add a Consent Landing Page to a Web Catalog
Once consents are enabled in the system, you can add them to web catalogs. To let customers see the consent text in the storefront, you have to create a consent landing page that provides a detailed description of the terms for a customer to approve. This page should be added as a content variant for a specific node in a relevant web catalog.
How Your Customers Will Handle Consents in the Storefront
Read and accept agreements when registering an account
When registering an account, new customers will be requested to read and accept mandatory and/or optional agreements that entitle your company to process their personal data.
View, accept and revoke consents
Your customers will be asked to provide explicit consent for processing their data when they first register an OroCommerce account or request a quote. They can read the extensive descriptions of pending consents or view already accepted ones in the Account Info section on their profile page. From there, they can also accept or revoke consents.
The red icon next to the Terms and Conditions indicates a pending consent a customer has to read and accept.
Installing the Consent Management Extension
Make Sure You Are GDPR Compliant: Inspect Everything Again
Please keep in mind that the OroCommerce Consent Management extension is only a tool which helps businesses comply with one of the many GDPR requirements. To be ready to meet all GDPR provisions, you need to closely inspect your organization’s workflows and internal processes. Our Getting Ready for GDPR with OroCommerce guide will help you navigate the journey to GDPR compliance and explains in detail what else you should do in your B2B eCommerce platform before May 25.