What is GDPR?

The General Data Protection Regulation, or GDPR, is one of the most significant pieces of legislation passed relating to technology and the internet. It was approved by the European Union in April 2016, and was set to come into force on May 25, 2018. GDPR looks to bring together several existing laws and regulations to harmonize rulings across the EU. Primarily, GDPR aims to provide new guidelines that are a better fit for today’s technology-dominated world.

The main points of GDPR concern the privacy rights of everyday users and their online data. It will affect businesses of all sizes and will have a great effect on how companies gather, store, and look after their users’ data. Companies will also need to give explicit notice when collecting personal data, which implies that consent will need to be explicitly given by the user and the purpose for gathering the data will need to be disclosed. Once data is collected, personal data will need to be encrypted by default as part of a process known as pseudonymization, meaning that it can’t be linked to a specific person without being accompanied by extra information.

What is considered personal data?

The concept applies to anything that could be used to directly or indirectly identify a person online. This could include names, email addresses, images, bank details, social network posts, medical information, web-based cookie data, or even a computer IP address.

What is the “right to erasure”?

Your website’s users will also have the right to know exactly what details you hold about them, and will have the right to request that any of this information be deleted if they feel their rights to privacy are being infringed upon.

How does this affect you?

Companies outside of the EU must abide by the same rules as EU companies if offering goods and services to customers in the EU.  If you have mailing lists for newsletters or promotions, and some of your prospects or customers are EU citizens, GDPR applies to you.

What are the requirements?

The requirements for online retailers that have EU customers at this point are outlined below:

  • Understand what “personal data” you are collecting and storing in Magento as well as in upstream and downstream systems (e.g. names, e-mails, addresses, credit card details, etc.). Special safeguards should be taken if collecting any data about race, sexual orientation, religious and political beliefs. We recommend doing an inventory of the “personal data” and where it is flowing to/from, like data to/from ERP, third-party services, reporting tools, etc.
  • Tell your customers who you are when you’re requesting their data – About Us, Contact Us, Customer Service, and Help pages that are informative and do not shield or make it difficult to contact you.  Provide physical addresses, phone numbers, and names of key personnel (i.e. owner, support, customer service).
  • Tell your customers why you are collecting their personal data, how long you will keep it and who you share it with – this should be clearly outlined in your privacy and use of personal data policies on the site and linked to a customer registration and checkout.
  • Get clear consent from your customers to process and store their data – this can be accomplished by adding consent or requiring agreement with your privacy policy during registration and checkout. This includes clients using your site as “guests”, who should also be acknowledged on the order and have their consent stored with the order.
  • Provide your customers access to their personal data – ensure customers can view what personal data you have collected about them.  The Magento ‘My Account’ area clearly covers most if not all of the personal data you might have as it relates to orders and transactions.  This gets trickier if you are collecting other identifying data through marketing services.  Make sure that your third-party partners have a clear and coherent GDPR plan for compliance that you are comfortable with.
  • Provide your customers the “right to be forgotten” or “right to erasure” – this is new to Magento and it is still unclear how best to implement it, but GDPR is expecting online retailers to allow their customers to “erase” or “take their personal data”. This means names, e-mail addresses, physical addresses, credit card details, and possibly order details or at least the elements of them that are deemed “personal data”. This may extend to logs including their IP address as well as other personally identifiable sources of data (i.e. reviews, social interactions, etc.). As you can see, this one opens the door for a lot of questions and a burden on small online retailers.
  • As an online retailer you are expected to be proactive in maintaining best practices as it relates to security and protecting your customers’ data. In addition, if there is ever a breach and data is compromised, you are required to communicate the breach and any “serious risk” to your customers.
  • Provide your customers the right to “opt-out” of direct marketing that uses their personal data – Magento has always supported this as it relates to Newsletters and E-Mail promotions and allows your customers to subscribe and unsubscribe from these forms of direct marketing. This right to opt out is something that it is important to review with third-party partners with whom you may be sharing customers’ personal data.
  • Ensure that any transfer of “personal data” to other parties is highlighted in your privacy and use of personal data policies.  Contact your customers for any changes to these policies.
  • It is ultimately your responsibility to be aware of the data usage policies and behaviors of any extensions or third-party system you choose to use.

What are the consequences of non-compliance? 

Companies outside Europe will also need to ensure they’re compliant with the rules, as they could also be subject to fines if found not to be up to speed. GDPR is a huge deal. Any organization found out of compliance with the new regulations after the May 25 deadline could face heavy fines, equivalent to 4% of annual global turnover, or €20 million, whichever is greater.

This blog post is not providing legal or regulatory advice. It is an interpretation of the GDPR and emerging “best practices” to help our Magento customers. The team at Crimson Agility can help (from a technology standpoint) to get your online retail shop ready in time for the GDPR deadline of May 25th, 2018. It remains to be seen exactly how GDPR will be monitored, and if fines will be issued… but for now it is better to be safe than sorry and prepare as much as you can.

Ask us and we can do an assessment of your site and provide you with a free estimate for what it would take to get your site GDPR compliant.

Until next time, let’s get social! Like us on Facebook, follow us on Twitter, Instagram and on LinkedIn.

Thanks for stopping by!

Crimson Agility Team




Mobile internet is a rapidly growing internet trend, and websites need to become mobile responsive to meet the demands of current customers and to attract new customers. Here are five reasons why your website needs to be mobile responsive:

1. Mobile Internet is Growing at High Speed

Smart Insights compiled the following statistics which demonstrate the remarkable growth of mobile internet use:

  • In 2015, the average adult spent 5.6 hours on digital media. Over half of that time spent on digital media was spent on a mobile device as opposed to a laptop, desktop, or tablet.
  • 80% of internet users own a smartphone
  • 57% of users accessing mobile sites “multiscreen,” using both a PC and a mobile device to access a site at the same time.

2. Social Media is Very Popular on Mobile

Facebook and Twitter are among the most popular mobile apps. ComScore reports that 55% of social media use happens on a mobile device, which means that social media marketing is reaching mobile users. But if your social media content links to sites that are not mobile responsive, then you will likely lose potential audience members.

3. A Positive Mobile Experience is Vital

If your site isn’t loading or working properly, visitors are likely to go elsewhere. If your site does load on a mobile device without mobile responsiveness, it might not look very good or function well for the user. A mobile responsive site will load properly and look great on a mobile device.

4. Mobile Responsiveness Increases Your Site’s SEO

Google enhances SEO for mobile responsive sites, which means that your website is more likely to show up in searches on mobile. A mobile responsive site keeps the same URL and HTML, and is Google’s recommended design layout.

5. Analytics are Simpler with Mobile Responsive Designs

You can easily track a mobile responsive site’s performance with analytics tools. If your site is not mobile responsive, you may not be able to track the mobile activity and traffic that is coming to your site.

Providing a positive mobile experience is vital for a business to meet its customers’ needs. A mobile responsive site is a great way to provide a great mobile experience that will benefit both your business and your customers.

If you are looking to make your Magento site mobile-friendly and responsive, we will ensure that your new mobile-friendly responsive design (RWD) aligns with your brand and vision to maximize your online presence. We invite you to schedule a complimentary assessment today with one of our certified Magento professionals.


The number of people shopping online using their smartphones and tablets continues to grow each year. Make sure your site does not look like it was built in the 1990s. It’s important that your site offer a modern look-and-feel, as well as features that are appropriate for the various devices your customers choose to shop with. One of the best ways to ensure that your Magento site is meeting the needs of these tablet and smartphone users, as well as desktop users, is to have a responsive (RWD) Magento theme. If it’s time to re-theme your site, here are 3 things you may want to consider:

1. Personality and Identity: Your website is your business’ public face on the Internet. When your site makes a good impression, so does your company. Generic themes are bland and commonplace, and out-of-date themes can turn off potential customers. Make sure your theme allows your company’s identity to shine through. Your theme should be a reflection of your vision for your online business. Create a theme for your site that helps you stand out from the competition by infusing your business’ personality in your website.

2. Responsive Design: A successful presence on the modern web requires a site suited to its evolving demands. The way we browse the Internet today is completely different from just a few years ago. More and more people are connecting with mobile devices like tablets and smartphones. You need a site that is able to handle the requirements of these new devices. To address this, custom Magento themes can use a technique known as responsive web design (RWD). This allows your site to scale its content accordingly depending on the user’s device. A customer on a smartphone or tablet will have as rich of an experience as a customer using a desktop computer or laptop. A mobile-friendly responsive design is no longer a luxury or option – it is now the expectation of online shoppers.

3. Product Presentation: Modern e-commerce sites are all about showcasing your product and highlighting your product selection. However, the approach to your theme should be influenced by what you’re selling. For example, if you sell your own brand of apparel, you want to focus on showcasing your product with a simple and elegant theme and layout. On the other hand, if you sell electronics for several major brands, you want to focus on your selection and catalog. Search, navigation and product attributes are of greater importance. The theme should be modern with sophisticated functionality to ensure customers can find what they want to buy.

If you’re interested in a custom Magento theme for your site, we invite you to schedule a complimentary assessment and estimate with one of our Certified Magento Professionals.


As a large segment of e-commerce shifts away from traditional desktop and laptop computers and toward mobile devices and tablets, it is becoming imperative to incorporate responsive web design (RWD) into your e-commerce strategy. Your customers want to be able to have the same great experience whether they are working from a computer, tablet or smartphone.

The best way to make this happen is to ensure your Magento site employs a responsive web design for e-commerce. With 9 out of 10 customers expecting a consistent experience over multiple contact channels, a responsive Magento site tends to lead to an increase in conversion on mobile devices and tablets, happy customers and repeat business.

If your Magento site is not responsive today, you could be missing opportunities for 10, 20, 30, 40 or 50% of your site visitors.  Review your analytics right away and determine the percentage of your site’s visitors using mobile devices.

Making your Magento site’s appearance and functionality the same across all devices is a growing expectation of your customers, but there are several other important reasons for having a Magento responsively designed theme for your business:

  • There are over 1.2 billion people accessing the web via mobile devices today, and roughly 27% of total U.S. e-commerce spending will come from mobile devices in 2015.
  • In order to rank higher in Google mobile searches, it is necessary to keep the content of the site true to form. Low quality mobile pages that add excess loading time lose out in Google searches.
  • About 40-60% of traffic is mobile, meaning that ranking lower in Google searches can be crippling to your e-commerce goals. A mobile-friendly site is critical to maintaining your hard-earned search rankings.
  • Responsive Web Design (RWD) means there is one theme to manage.  Managing one theme/domain is significantly easier than having to manage separate ones for each platform. Users on a tablet, smartphone, desktop and laptop will all have the same shopping experience, which means they will be comfortable with the functionality and will likely continue to return to your site.
  • The improvements in mobile e-commerce and the growing popularity of mobile devices have driven this tremendous growth and are shaping the expectations of consumers.

By updating your Magento theme to a responsive design, you will maximize site traffic leading to improved conversions and mobile-friendly customer experiences, as well as gains in mobile SEO and search rankings.  A well-designed responsive Magento site will help take your e-commerce business to the next level of success and efficiency.

If you are looking to make your website mobile-friendly and responsive, we will ensure that your new mobile-friendly responsive design (RWD) aligns with your brand and vision to maximize your online presence. We invite you to schedule a complimentary assessment today with one of our certified Magento professionals.