GDPR compliance for ecommerce: BigCommerce is ready

Data privacy regulations require businesses to gain
more explicit consent to collect and use data from
individuals in the European Union.

What you need to know about GDPR

The EU General Data Protection Regulation, or GDPR, places the responsibility on businesses to give individuals more control over their personal data. And it's not limited to European businesses. You should consult a lawyer if you have any questions about how GDPR applies to your business, but, in general, any company offering goods or services to individuals in the EU must comply.


GDPR is premised on the belief that all users have the right to:
  • Know how their data is being used
  • Correct inaccurate or incomplete personal data
  • Erase or remove their personal data
  • Restrict data processing
  • Obtain and reuse their own personal data
  • Decide if data may be processed

Fines for GDPR violations could reach a maximum of $24 million or 4% of your annual sales.

BigCommerce has your ecommerce platform GDPR compliance covered.

BigCommerce merchants achieve GDPR compliance with features and capabilities that allow them to:

  • Correct data: Customers can correct or update their data when they log in to their account.
  • Erase data: Deleting a customer from the BigCommerce Control Panel removes the Personal Data associated with that customer within 14 days.
  • Make data portable: Customer data can be exported into the CSV format by the Bulk Import/Export tool.
  • Require consent to use data: You can easily add a checkbox to give your users the ability to view and agree to your privacy policy before registering for an account.
  • Protect data: The BigCommerce security team ensures data that transits to our platform is protected at every stage.
  • Report breaches: In the event that any data breach involves BigCommerce, we will report the event to you without undue delay.
  • Respond to data requests: BigCommerce will action all Data Subject Access Requests submitted to privacy@bigcommerce.com within the required 30 days.

Tips for ecommerce GDPR compliance

Make sure your vendors are GDPR compliant

If you transfer an individual's personal data to vendors — such as integrations or third-party apps — verify that they are GDPR compliant.

Protect personal data and report breaches

Take steps to make sure your customers' data is secure, and if there's a breach, disclose it to the Supervisory Authority within 72 hours.

Update your data privacy notice

Explicitly ask for consent before collecting personal data, and be transparent and specific about the way it's being collected and used.

Create a GDPR compliant privacy policy

Check out this example of a GDPR compliant privacy policy for a basic BigCommerce trial store.

More GDPR peace of mind for your ecommerce platform

BigCommerce meets and exceeds the privacy standards required by the GDPR. While all our servers are located in the US, we are participants in the EU-US Privacy Shield Framework.

Managing vendor GDPR compliance

We're committed to providing ways to integrate securely with third-party apps to manage your BigCommerce store and help you make informed decisions.

Protecting personal data

As a component of our ongoing commitment to data security, we are actively planning for our ISO 27001 certification, the highest level of information security.

Updated cookie policy

Our cookie policy allows merchants to explain what cookies BigCommerce places on their buyers' web browsers (this does not include third-party integration cookies). We give merchants the ability to block cookies used to provide insights and analytics, and we're building new solutions to provide analytics without cookies.

How BigCommerce complies with GDPR

We've worked hard to stay ahead of GDPR and go above and beyond to maintain compliance. Here's how you can count on BigCommerce to comply with these new data privacy rules:

Data protection leader

BigCommerce has appointed data protection leader Christopher Beckett to ensure compliance with regulatory requirements and provide clarity moving forward.

Data processing inventory

We continue to catalog data processing activities to ensure that collection, processing, and dissemination stay GDPR compliant.

Vendor assessment

We have assessed vendors for our core platform with whom BigCommerce shares personal data.

Privacy protocols

BigCommerce has implemented GDPR-compliant protocols, like data breach response policies and an updated privacy policy.

Have more questions about BigCommerce and GDPR compliance?

Join the Security & Privacy conversation here

Disclaimer: The information on this page is for guidance only and does not constitute legal or professional advice. Always consult a qualified lawyer on any specific legal problem or matter. BigCommerce disclaims all liability with respect to the information in this document.