GDPR Data Management
As of 25 May 2018, the European Union's General Data Protection Regulation (GDPR) will be the new primary law regulating how companies have to treat and protect the personal data of EU residents.
Retailers most likely store personal information about their visitors in their own systems. However, because Apptus eSales manages behavioural data, a retailer's eSales implementation is also part of the retailer's overall compliance with the new legislation.
Apptus eSales and GDPR
The two most notable points for retailers regarding GDPR compliance when using Apptus eSales are the following:
- Never create and use customer keys based on personal information such as user names or e-mail addresses.
- Plan for how to manage and use the GDPR API to export, download, and remove behavioural data.
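The first point above, sketched as an added example (not Apptus code and not part of the eSales API): the retailer issues a random customer key per account and keeps the mapping in its own system, and a check flags candidate keys that are personal identifiers or plain digests of them. The names `CustomerKeyRegistry` and `looks_personal`, the account id format, and the in-memory dict standing in for the retailer's database are assumptions.

```python
import hashlib
import re
import secrets

EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")

class CustomerKeyRegistry:
    """Retailer-side map from internal account id to an opaque customer key.
    Hypothetical helper: a dict stands in for the retailer's own database."""

    def __init__(self):
        self._keys = {}

    def key_for(self, account_id):
        # Random 128-bit token: stable per account, reveals nothing about the person.
        if account_id not in self._keys:
            self._keys[account_id] = secrets.token_urlsafe(16)
        return self._keys[account_id]

    def forget(self, account_id):
        # Drop the link and return the key, so behavioural data stored
        # under it can then be removed through the GDPR API.
        return self._keys.pop(account_id, None)

def looks_personal(key, pii_values):
    """Return why `key` is unsuitable as a customer key, or None if no issue is found."""
    k = key.strip().lower()
    if EMAIL_RE.fullmatch(k):
        return "key is an e-mail address"
    for value in pii_values:
        v = value.strip().lower()
        if not v:
            continue
        if k == v:
            return "key equals a personal identifier"
        # A plain digest is no better: anyone who knows the e-mail address
        # or user name can recompute the key.
        for algo in ("sha256", "sha1", "md5"):
            if k == hashlib.new(algo, v.encode()).hexdigest():
                return f"key is an unsalted {algo} digest of a personal identifier"
    return None

if __name__ == "__main__":
    pii = ["Anna.Berg@example.com", "annaberg84"]  # constructed sample identifiers
    registry = CustomerKeyRegistry()
    for candidate in (pii[0], hashlib.sha256(pii[0].lower().encode()).hexdigest(),
                      registry.key_for("acct-1001")):
        print(candidate, "->", looks_personal(candidate, pii) or "ok")
```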
The GDPR API is part of the Apptus eSales Web API. It is used to execute queries that support the Right to access, the Right to portability, and the Right to be forgotten.
To be fully compliant with GDPR with regard to Apptus eSales data, a retailer is likely to have to implement the necessary functions for managing GDPR-related requests from their visitors.
When executing queries with the GDPR API, basic HTTP authentication with eSales cluster credentials is required.
Please see the official GDPR homepage for more information regarding the European Union’s General Data Protection Regulation.
To be GDPR compliant with regard to the Apptus eSales solution, information about data usage should be provided. A sample text for GDPR compliance to be published on a website using Apptus eSales can be found below.
GDPR compliance sample text
Use of Apptus Technologies AB

This website uses Apptus Technologies, an all-in-one AI-powered eCommerce optimization solution from Apptus Technologies, Trollebergsvägen 5, 222 29 Lund, Sweden (Apptus). The Apptus solution optimizes the search and navigation experience on this website by utilizing your input to expose the most relevant products based on your search and navigation activity. Apptus collects pseudonymised information about your search usage and stores this information in local storage in your browser. Apptus generates a pseudonymised session ID, a pseudonymised customer ID, and your recent searches. This data is stored on your browser in order to provide a good search experience. No personal data is sent to a server and you can at all times clear your local storage to erase this data. You can find more information on Apptus at https://www.apptus.com.