GDPR Data Management¶
As of 25 May 2018, the European Union's General Data Protection Regulation (GDPR) will be the new primary law regulating how companies have to treat and protect the personal data of EU residents.
Retailers most likely store personal information about their visitors in their own systems. However, as Apptus eSales manages behavioural data, it also makes a retailer's eSales implementation a part of a retailer being overall compliant with the new legislation.
Apptus eSales and GDPR¶
The two most notable points for retailers regarding GDPR compliance when using Apptus eSales are the following:
- Never create and use customer keys based on personal information such as user names or e-mail addresses.
- Plan for how to manage and use the GDPR API to export, download, and remove behavioural data.
The GDPR API is part of the Apptus eSales Web API. It is used to execute queries enabling functions supporting the Right to access, Right to portability, and the Right to be forgotten.
To be fully compliant with GDPR in regards to Apptus eSales data, a retailer is likely to have to implement necessary functions for managing GDPR related requests from their visitors.
When executing queries with the GDPR API, basic HTTP authentication with eSales cluster credentials is required.
Please see the official GPDR homepage for more information regarding the European Union’s General Data Protection Regulation.