In general, GDPR is a set of rules mandated by the EU for any company doing business with persons within the EU. This is true regardless of the location of the company conducting the business. Effectively this means that even as a company outside the EU, you are subject to GDPR if you sell to a person residing within the EU.
Among other things GDPR mandates that:
Please note the above is not a complete list of GDPR requirements, but rather the subset important for how Ucommerce can help establish GDPR compliance for customers.
Most of the requirements of the GDPR deal with documenting internal business processes and so cannot directly be supported by Ucommerce. The responsibility to support GDPR rests solely with the company using Ucommerce.
To help support GDPR compliance for our customers we are making the following available:
As always, we will gather feedback from partners and customers. Should the need for these types of features increase, we will add them to the roadmap.
Because customer consent is primarily going to be required for marketing activities, we expect consent to be stored in one central repository in the CMS or externally in a CRM system. For both Umbraco and Kentico, tools are available for the CMS to gather consent and store it, e.g. Forms for Umbraco and GDPR support in Kentico 11 EMS Edition.
Keep in mind that the CMS stores additional personal information for marketing and personalization purposes, e.g. contacts in Kentico and Sitecore will hold additional personal information. It is up to the CMS vendors to document and provide tools to support GDPR for these areas.
Because Ucommerce does not host the solution on your behalf as a customer, you do not need a data processing agreement with Ucommerce. However, you will need a data processing agreement with the hosting provider you select, e.g. Microsoft for Azure or Umbraco for Umbraco Cloud.