GDPR 將對您造成怎樣的影響？

《通用數據保護條例》(GDPR) 影響任何位于歐洲或為歐洲客戶提供服務的 Shopify 商家。雖然 Shopify 正努力確保其自身及其商家自 2018 年 5 月 25 日起符合 GDPR，但務必注意，GDPR 還要求商家獨立于 平臺采取行動。

Shopify 希望幫助商家盡可能地遵守法律。本文包括您應考慮的問題，旨在幫助您評估自己的義務，從而確保您以合法的方式設立商店。

也就是說，這不是法律建議。GDPR 是一項復雜的法規，它將以不同的方式適用于不同的商家。您應咨詢律師，了解您具體需要做什么。

有關處理數據請求的信息，請參閱處理 GDPR 數據請求。

Shopify 為什么不能為商家處理 GDPR 合規性？

GDPR 規定了數據控制方和處理方的不同義務。作為數據處理方，Shopify 按照 GDPR 履行其自身的法律義務。但是，商家（作為控制方）也有自己必須考慮的獨立義務。

Shopify 為商家提供了一個可配置為符合 GDPR 的平臺，但您必須自己考慮如何經營您的業務。

為進一步提供指導，歐盟范圍內的以下監管機構就 GDPR 提供了具體指導：

• ICO - 數據保護指南。
• 愛爾蘭數據保護專員 - GDPR。
• CNIL - Règlementeuropéen：seprépareren6étapes。

收集個人數據

GDPR 保護歐盟范圍內的個人在處理個人數據方面的基本權利。

個人數據示例包括：

• 名稱
• 地址
• 電子郵件地址
• 賬戶
• 數字標識符，例如 IP 地址或 Cookie ID。

考慮以下問題：

• 您是否在收集的個人數據？大多數網站對歐洲的居民開放，并且將遵循 GDPR 規定。
• 如果您的商店使用第三方應用或模板，它們是否按照 GDPR 的規定收集和處理數據？為了簡化此流程，Shopify 要求所有應用發布詳細說明數據處理做法的隱私政策，您可以評估是否愿意接受該應用的數據處理做法。Shopify 開發的應用遵從數據處理附錄，并且 Shopify 對這些應用的合規性負責。
• 您使用的渠道或支付網關是否按照 GDPR 的規定來收集和處理數據？您應該與他們聯系以確保這一點。
• 您是否列出了從客戶處收集的所有類型的個人數據以及您使用此類數據的所有方式？GDPR 第 30 條要求您維護您實踐的當前映射。

How does the GDPR affect you?The General Data Protection Regulation (GDPR) affects any Shopify merchants who are based in Europe or who serve European customers. While Shopify is working hard to make sure that it complies, and allows its merchants to comply with the GDPR as of May 25, 2018, it is important to note that the GDPR will also require you to take action independently from the Shopify platform.Shopify wants to help place merchants in the best possible position to comply with the law. This article includes questions you should consider to help you assess your obligations to make sure that you have set up your store in a way that complies with the law.That said, this is not legal advice. The GDPR is a complicated regulation, and it will apply differently to different merchants. You should consult with a lawyer to figure out what you specifically need to do.For information about processing data requests, see Processing GDPR data requests.Why can't Shopify handle GDPR compliance for merchants?The GDPR imposes different obligations on controllers and processors of data. As a processor of data, Shopify fulfills its own legal obligations under the GDPR. However, merchants (as controllers) also have their own separate obligations that they must consider.Shopify provides merchants with a platform that can be configured to be GDPR compliant, but you must consider yourself how you would like to run your business.For further guidance, the following regulators within the European Union have provided specific guidance on the GDPR:ICO - Guide to data protection.Irish Data Protection Commissioner - GDPR.CNIL - Règlement européen: se préparer en 6 étapes.Collecting personal dataThe GDPR protects the fundamental rights of individuals within the European Union in relation to the processing of personal data.Examples of personal data include:NameAddressEmail addressSocial media accountDigital identifier such as an IP address or a cookie ID.Think about the following questions:Are you collecting personal data from customers in Europe? Most websites are available to residents of Europe, and will fall under the GDPR.If your store uses third-party apps or themes, then do they collect and process data in accordan with the GDPR? To simplify this process, Shopify is requiring all apps to post a privacy policy detailing their data handling practices, so that you can assess whether you are comfortable with that app’s data practices. Shopify-developed apps fall under the Data Processing Addendum, and Shopify is responsible for their compliance.Do the channels or payment gateways you use collect and process data in accordance with the GDPR? You should follow up with them to make sure.Do you have a list of all of the types of personal data that you collect from your customers, and all of the ways in which you use this data? Article 30 of the GDPR requires you to maintain a current map of your data practices.

特別聲明：以上文章內容僅代表作者本人觀點，不代表ESG跨境電商觀點或立場。如有關于作品內容、版權或其它問題請于作品發表后的30日內與ESG跨境電商聯系。