Home > BigCommerce > Docs > Setup GDPR Compliance for BigCommerce: Tutorial, Checklist

How to set up GDPR Compliance for BigCommerce stores?

Last updated: August 01, 2024
Written and researched by experts at AvadaLearn more about our methodology

By Sam Nguyen

CEO Avada Commerce

Data privacy regulation is necessary for online businesses, helping them gain more explicit consent to use and analyze data from their customers. Moreover, living in the “big data” area, both governments and authorities get a hold of themselves about how essential the regulation and legislation are to protect personal information.

One of the most common regulations used is GDPR Compliance. Without expectation, BigCommerce stores have to comply with this regulation for protecting users’ data.

In this article, we will show you how to set up GDPR Compliance for BigCommerce stores.

What is GDPR?

General Data Protection Regulation, abbreviated as GDPR sets a standard for privacy and security regarding data and personal information. It places the responsibility of businesses to give individuals more control over their private information.

What is GDPR?

For instance, if you are supposed to run your own online store and collect users’ data on EU-based websites, you must comply with the standards launched by EU GDPR.

How to set up GDPR Compliance for BigCommerce stores

There are 4 steps of setting up GDPR Compliance for anyone who just starts to operate their own online store or has not installed GDPR in their store settings yet.

Step 1: Create privacy policy

To install privacy policy, firstly you go to the “Storefront”, after that choose “Web Pages”

Create privacy policy

Create privacy policy

Next, if you haven’t had a privacy policy, you have to create it on web pages like this: click on “Create a web page”.

Create privacy policy

You can write the content of your privacy policy as a model text following:

Text Marketing Terms and Conditions:

  • We are using a text messaging platform, which is subject to the following terms and conditions. By opting in for our text marketing and notifications, you agree to these terms and conditions.

  • By entering your phone number in the checkout and initializing a purchase, subscribing via our subscription form or a keyword, you agree that we may send you text notifications (for your order, including abandoned cart reminders) and text marketing offers. You acknowledge that consent is not a condition for any purchase.

  • Your phone number, name, and purchase information will be shared with our SMS platform “SMSBump Inc, an European Union company with offices in Sofia, Bulgaria, EU. This data will be used for sending you targeted marketing messages and notifications. Upon sending the text messages, your phone number will be passed to a text messages operator to fulfill their delivery.

  • If you wish to unsubscribe from receiving text marketing messages and notifications, reply with STOP to any mobile message sent from us or use the unsubscribe link we provided you with in any of our messages. You understand and agree that alternative methods of opting out, such as using alternative words or requests will not be accounted as a reasonable means of opting out. Message and data rates may apply.

If you already have it, click on an icon under the “Action” section to edit or preview.

Create privacy policy

To set up cookie consent, you choose “Store Setup” and then “Store Settings”.

Build cookie consent settings

When you enter store settings, in the bar of this section, click on “Security & Privacy” term.

Build cookie consent settings

Scrolling down and you will see the term “Your customer’s privacy”, tick on “Cookie consent tracking” to turn on the cookie consent banner on your store.

Build cookie consent settings

Step 3: Classify third-party and custom scripts

In the third stage, we use “Script Manager” to help your store being categorized so scripts work in conjunction with the cookie consent tracking store settings. First thing first, you go to the “Storefront” again and choose the “Script Manager” part.

Classify third-party and custom scripts

Then, we will show you how to create a script for your BigCommerce site.

Most parts are recommended to click, you need to fill in the name and description of the script.

Classify third-party and custom scripts

Only one thing you notice is before typing the content script, you must pick the “Script type” which is URL and Script to create script.

Classify third-party and custom scripts

Here is our example following Script option.

Script code by BigCommerce:

<script>
if(document.location.search === "?action=create_account") {
   
    consent_checkbox = document.querySelector("input[value='I agree to the Privacy Policy']").attributes['name'].value;
    
     document.querySelectorAll("label[for='"+consent_checkbox+"']")[0].innerHTML = "I agree to the <a href='/privacy'>Privacy Policy</a>";
};
</script>

At the end, you click “Save” then you enable to classify your store more conveniently. For further change, click this symbol to edit the script.

Classify third-party and custom scripts

Last but not least, it is important to ask for consent to sign up and check out. For inquiring consent to signup, you do like the following steps: go to “Advanced Settings” and choose “Account Signup form”

Inquire consent to sign up and checkout

Inquire consent to sign up and checkout

Click “ Create a New Field” and select the “Checkboxes” type.

Inquire consent to sign up and checkout

A table appears and you need to fill the information about consent as a recommended content we have created. Then click save to add consent in SignUp.

Inquire consent to sign up and checkout

Now moving to click the “Checkout” section.

Inquire consent to sign up and checkout

Keep surfing and you can see “Customer” in Optimized One-Page Checkout Settings, tick on the second option including the word “GDPR”. Remember to save your change!

Inquire consent to sign up and checkout

5 checklists of GDPR Compliance for BigCommerce

1. Review third-party apps

Review third-party apps

It is necessary to get rid of unused apps on a regular basis if they are not active anymore. To entrepreneurs, this opportunity helps them uninstall third-party apps which are worthless for them.

For the rest of third-party apps, you had better have their own privacy policies and download copies of them in a file on the computer. Furthermore, you must make a list of all apps’ GDPR statements, consisting of what data they collect and how to contact the app managers if you get a data request from your visitors.

Besides, if your store is affiliated with some top sales channels such as Amazon, eBay, or Facebook, you still need to document their GDPR in your privacy policy. Or else you use other sales channels, you must verify that their apps are compliant. Besides, if the app you are cooperating with does not have a privacy policy, you have to move to another compliant app.

2. Shipping product and logistics

Online Shopping

If your store is applying to a small payment gateway service, be careful of looking at their GDPR policies and statements. You have to report them right away whereas they do not have any policies.

Couples of BigCommerce stores are using drop shipping suppliers who ship to customers directly. Customers have a right to complain, so it is crucial to work smoothly with a third-party logistic/delivery company to solve unexpected problems at once. Remember a quote “A great user experience should come first” when you run a business”.

3. Revise your eCommerce privacy policy regularly

Revise your eCommerce privacy policy regularly

The way you revise your privacy policy often is by gathering a complete list of the personal information you get from your customers and visitors, and other sources. You need to include it in your revised privacy policy, then tell visitors and customers what data you are collecting as they come across or make an order.

To be more detailed, by letting users know that they may ask for a copy of their data, you have to provide them easy-to-understand instructions, guiding them to follow your requirement. The instructions will be represented as an email address sending that user, also containing contact information if he/she needs help or has a question.

Additionally, you noticeably consider data protection in your policies. It implies that each new product, service, or site’s activity account for data protection. Therefore, revising the eCommerce privacy policy is more inevitable to do regularly.

Earn customer consent in GDPR

One of the first things you need to accomplish is installing customer consent in your GDPR Compliance because the customers must be empowered as you get their data to use on purpose. For example, you are collecting email addresses from your buyers for your project, you must create an opt-in form mail that figures out which data is used for and assures that their private data will not be leaked out of your project. Some requirements you need to meet if you want to earn customer consent:

  • Freely given: the data is not tricked, coreced, and exploited.

  • Specific: the data is collected for what purpose and why customers should give their information.

  • Informed: you tell how important that information will be used for.

  • Clear & Unambiguous: the written is simple, concrete and readable to understand.

5. Give accountability of your store

Give accountability of your store

Bringing out your evidence of compliance shows that your business is compliant to purchase goods or offer services. You would wonder how to give accountability of your store, here you are:

  • Include data privacy and security terms in all contracts with third-parties.

  • Keep all data collection, when it gets used, for what purpose.

  • Train your staff in both technical and organisational measures in terms of data security.

Final thought

After reading this article, you are probably aware of the importance of GDPR Compliance particularly and privacy policy, in general, you will encounter sensitive and private information once you yourself run an online store. This policy not only gives customers equal treatment, but it also is a chance for businesses to gain more profit.

For further information, we gave meticulous guidance to somebody who has not installed GDPR Compliance for BigCommerce sites. I hope that this article is helpful and if you face any problems, feel free to comment down below to let us know!


Sam Nguyen is the CEO and founder of Avada Commerce, an e-commerce solution provider headquartered in Singapore. He is an expert on the Shopify e-commerce platform for online stores and retail point-of-sale systems. Sam loves talking about e-commerce and he aims to help over a million online businesses grow and thrive.

Stay in the know

Get special offers on the latest news from AVADA.