GDPR and PushCommerce

On the 25th May 2018, the General Data Protection Regulation (GDPR) was introduced across Europe. This regulation is applicable to any companies who hold, process, or collect data on EU citizens, regardless of the company’s own location. The GDPR was implemented to protect the rights of EU citizens privacy and protection from data breaches as well as providing them a greater control of their own data.

In the UK, the GDPR is enforced by the Information Commissioner’s Office (ICO).

The GDPR clarified that, under the Regulations Individuals have:

  1. The right of Access - An individual has the right to know what personal data an organisation has about them and how it is processed.
  2. The right to Object - An individual can prohibit personal data being processed in certain ways
  3. The right of Rectification - An individual can request incorrect personal data to be corrected.
  4. The right to be Forgotten - An individual can request that an organisation remove all personal data they hold without delay.
  5. The right of Data Portability - An individual can request their personal data be presented in a ‘usable format’ e.g. PDF or CSV files.
  6. The right to Fair and Transparent Processing - An individual has the right to information about the processing of their personal data


Further sections of the GDPR deal with ‘enhanced Consent’ collection. This section of the regulation imposed stricter consent collection and storage requirements. For example, pre-ticked Opt-in boxes, and silent consent are no longer acceptable practices. Consent, once collected, must also be specific to a distinct purpose, for example, for the provision of goods or to contact a customer following a site query.

Changes from PushCommerce

Along with this information page, PushCommerce updated their Privacy Policy to ensure that it complies with the GDPR. In addition, enhanced consent collection and storage features were added across the PushCommerce site and Platform.

You and your customers will see a ‘consent request’ upon checkout, which is unticked as default. If a customer wants to be added to your mailing list they need to check this box. The information is then stored on each customer's detail page for future reference.

PushCommerce Customers 

PushCommerce continue to take steps to ensure that we and therefore, our customers are compliant with regards to data storage on the PushCommerce platform. We would however, always suggest that you undertake your own research and enquiries to ensure your own practices are compliant.

Further Information:

  • Where are PushCommerce’s servers that hold the customer contact details/login details? Are they in the EU?
    • Our Servers are worldwide but the server company (Google and Amazon Web Services) are compliant with the GDPR and the US-EU Privacy Shield.
  • What level of encryption do you use to protect details?
    • We use SHA256 level encryption (originally designed by the NSA!).
  • What is the web link to your Privacy Policy?
  • Will you inform me if you are hacked and my customer details are stolen with 72 hours of finding out?
    • Absolutely, as well as informing the ICO with whom we are a registered data controller.
  • What else should I know about how PushCommerce handles my customers details?
    • We never see or store credit/debit card details.
    • We vehemently agree that privacy of your data should be at the forefront of all innovation and services.
    • We are here to talk if you have any questions!

If you would like to find out more, then the following links may be of use:

ICO - GDPR Section

European Commissioner’s Infographic

GDPR for Direct Marketing

Please note

This guide is for informational purposes only, and should not be relied upon as legal advice. We encourage you to work with legal and other professional counsel to determine precisely how the GDPR might apply to your organisation.