Here in the next couple of weeks, we are getting ready to start making thirty bees compliant with the European Union’s Global Data Protection Regulations. This is likely going to be a big undertaking to comply with the EU regulations before the deadline comes into effect. The regulations around e-commerce shops are very wide sweeping and very vague at best. So we are left trying to decode the regulations to keep thirty bees users in compliance with them.
If you have been eagerly waiting for thirty bees 1.0.4, you might have to wait a little bit longer. We are trying to figure out if we can squeeze everything we need to comply with the regulations into a module, or if we are going to have to modify the core to bring the software in compliance. One of the main issues centers around cookies. From our understanding of the law, a shop cannot cookie a user before a user agrees to be cookied. We are working to see if there is a reliable way that we can disable the ability to cookie users without requiring core changes.
Some of the changes required, like letting users delete data and export data are fairly simple to deal with. Those will likely be added to the EU compliance module to help bring shops up to compliance quickly and easily. This along with a few other tweaks to ensure that the module works consistently, correctly, and is within the current framework of the law.
The end goal
The end goal we want to provide is a comprehensive EU compliance module. So that all shops in the EU can install the module, configure it, and be legal. We just have not figured out if we are going to need to alter core functionality to provide this result yet. Also, we are in talks with several experts in the field of compliance to help wrap our heads around the quirks in the law and how they best need to be handled on a massive global scale.
If you have followed our Google Analytics module, you know that it has already been made compliant by anonymizing the IP addresses sent to Google. With less than 100 days until shops need to be compliant, we feel the time to start working on a solution is now, to best protect our merchants.
Join the discussion below, let us talk about what new features need to be added or changed in thirty bees to make your shop compliant with the GDPR.