
Security Measures & Privacy Policy

Sana Commerce 9.2

General Data Protection Regulation (GDPR)

What is GDPR?

GDPR stands for General Data Protection Regulation. It's a strict European regulation intended to strengthen and unify data protection for all individuals within the European Union. The primary goal is to give citizens and residents back control of their personal data. The GDPR will become enforceable on 25 May 2018.

Why is GDPR important?

Incorrectly gathering and processing Personally Identifiable Information (PII, what the GDPR itself calls personal data) can result in high fines, though this shouldn't be your main motivator for GDPR compliance. The most important thing is to be aware that your company is handling PII so you can protect it the way you would want your own personal information protected.

The regulation will drastically change the way companies process and protect the data entrusted to them. If your company operates a web store, it will mean new responsibilities and liability for secure data processing.

Important changes from a GDPR perspective

  • A broader and stricter definition of personal data (Personally Identifiable Information)
  • Stronger rights for the data subject, the person the data concerns
  • Privacy by default and privacy by design are explicitly written into the text
  • Security of PII and its transfer (including transfers outside the EU) are specified in more detail
  • Fines of up to €10 million or 2% of global annual turnover, and for the most serious infringements up to €20 million or 4%, whichever is higher
  • A Data Protection Officer (DPO) can be mandatory
  • Records must be kept of all data processing activities and of data breaches

How does GDPR affect your business?

One of the requirements of the GDPR is that businesses keep records of the data processing within the company (Article 30). You need to know what you're storing, how you're storing it and why you're storing it. Under the GDPR, personal data may only be kept as long as it is necessary for the purpose it was collected for (the storage limitation principle); this applies to everything from order histories to warranty records.

Securing and managing structured data will always be easier than unstructured data. As such, most GDPR projects begin with discovering where data is being stored within the company and how it can be structured.

How can Sana help with GDPR?

As a software provider, Sana can help you by ensuring our software and our implementation are as privacy-friendly as possible. Even more importantly, Sana Commerce's ERP integration means it only stores limited personal data itself.

The most important data remains centralized in your ERP. Your ERP is already covered by your existing security controls, the connection between Sana and your ERP is secured, and Sana itself uses SSL/TLS to encrypt data in transit. Keeping most of your data in the ERP is advantageous because the data stays structured, which makes it easier for your company to secure it and to account for it in your processing records.

Secure with Microsoft Azure hosting

The Microsoft Azure Cloud is used for the limited data storage that does occur within Sana Commerce. Microsoft Azure is one of the most secure hosting environments available and holds ISO/IEC 27001 certification, in addition to other certifications. Note that a provider certification covers the hosting platform itself; the configuration of the web store and of your own user accounts on top of that platform remains your responsibility.

This is all to ensure that your company can continue operating your e-commerce platform without worrying about data, so you can spend more time and energy on maximizing your online potential!

Using add-ons in connection with Sana Commerce

Sana Commerce can be used in combination with certain add-ons, which make it considerably more powerful. Please be aware that some of these add-ons send personal data from Sana Commerce to external services (such as DotMailer, MailChimp, etc.). It is the shop owner's responsibility to know the data usage policies and behavior of the third parties they choose to use, and to cover these transfers in their processing records. Sana Commerce has the technical facilities to support certain legal requirements that may apply, such as obtaining consent from your website's visitors, but whether and how these are needed depends on the specifics of the web store and of the data being gathered.

This article is provided as a resource, but does not constitute legal advice. We encourage you to contact a legal advisor in your country to learn how the GDPR may affect your organization and which specific requirements apply.
