How Cratejoy Is Preparing For the GDPR Rollout

The General Data Protection Regulation (GDPR), scheduled to go into effect May 25, 2018, impacts Cratejoy merchants who are either based in Europe or sell to European customers.

In preparation for the changes, we’ve put together a list of steps Cratejoy is taking to comply with GDPR as well as a few you can take to protect your business.

While we are committed to merchant education, the information below should not be interpreted as legal advice nor as a specific recommendation of any legal understanding. If the GDPR applies to you, we recommend you consult with an attorney who can advise you on how you should interpret this new privacy law and recommend steps toward compliance.

How Cratejoy is preparing for the GDPR

  1. The GDPR doesn’t require personal data to be stored in Europe, only that the data is appropriately protected. Personal data stored by Cratejoy is compliant under the GDPR.
  2. Cratejoy evaluated all consent practices in accordance with the GDPR’s high standard for consent and added tools for merchants to provide explicit consent at checkout to their customers.
  3. Cratejoy has reviewed and updated our Privacy Policy and Terms of Service to include information on data processing, data retention periods, and  EU customers’ rights to information. Any EU customer with requests for personal data information or deletion can reach out to for assistance.
  4. Cratejoy trained key internal teams on GDPR practices, enabling them to provide information about data collection and processing practices when requested.

How you can prepare for the GDPR

As merchants work towards GDPR compliance, some Cratejoy-adjacent topics to consider might include:

  • Privacy Policy. Think about implementing, documenting, and posting a privacy policy on your website. Consider making it easy for customers to reach out to you about removing or updating their customer information (Read more here about how Cratejoy will help you remove customer data, if someone requests it).
  • Cookie Consent. Consider informing users about how you use cookies, if you use tracking cookies and pixels on your website. Popular services for this that are compatible with your Cratejoy website include Cookie Consent.
  • Collecting Customer Information in Surveys. Consider what information you collect about your customers if you use pre-purchase or post-purchase surveys to customize your subscription for your customers. Be sure to explain how and why that information is collected, and how it will be used.
  • Mailing lists and integrations, like MailChimp and Sumo. If you use popular email list signup forms like MailChimp or Sumo, consider documenting in the signup form exactly what your customers are signing up for, and how their email address might be used.
  • Internal documentation. Start documenting internal procedures on the processing and storage of personal data across services you might use.

Tools for working toward GDPR Compliance

Cratejoy wants to help you as they work towards GDPR compliance, with the following tools, topics, and suggestions.

Marketing Settings

Cratejoy now provides an updated checkout setting, that makes it easy to collect a customer’s marketing preference at checkout. Learn more here.

Data Erasure Requests

Cratejoy will work with you to process and comply with any data erasure requests you may receive. Just reach out to and reference our data erasure checklist here.

For more info, check out The Information Commissioner’s Office’s comprehensive guide on the GDPR and attaining compliance.

Again, any EU customer with requests for personal data information or deletion can reach out to for assistance.

Leave a Reply

Your email address will not be published.