Have you considered how Magento GDPR compliance will affect your eCommerce website? With the growing amount of personal data being captured every day, the importance of the laws and regulations imposed on organisations holding individuals' data has increased greatly.
The GDPR (General Data Protection Regulation) was created to dictate how companies and organisations are permitted to obtain this data, in an effort to give people greater control over their privacy. This poses a problem for marketing teams, who use this data to target suitable customer groups more accurately.
GDPR issues for charity eCommerce websites
Nowhere does this pose more of a problem than amongst charities, where the majority of their donations are gained through actively campaigning to make potential donors aware of a particular crisis or cause.
Send A Cow is a global organisation that allows donors to purchase gifts for people in developing countries on behalf of others. We built their Magento eCommerce store in 2026 and have provided support to them ever since. In light of these changes, we recently revised their checkout process to ensure all regulations are followed correctly ahead of their enforcement in 2018.
Magento GDPR compliance updates
The key aim was to update the data capture strategy during checkout so that customers could opt in to future updates, while ensuring that no data was captured without the customer actively opting in. We also had to ensure that existing customers were identified and their records updated where necessary, and we had to achieve all of this with minimal disruption to the customer journey.
Contact Opt-in Modal
Prior to these updates, the data capture section was located on an order review page alongside prompts for additional donations and a Gift Aid opt-in. We decided that it should be moved to a more prominent position to encourage opt-in. The logical placement seemed to be immediately after the billing information form has been submitted, as this is where the majority of the donor's data is entered.
The modal shown above appears once a customer submits the billing form and it has been validated. In this case the telephone number input is optional, so the telephone and SMS options are set up to display only if that field has been filled in.
At this stage, any interaction the donor has with the modal is captured in their quote data. Using this data, if a donor closes the modal without interacting with it, we redisplay it 10 seconds after they land on the checkout success page. As requested by the client, we also store an additional field identifying the stage at which each donor opted in, to help them with future strategy.
Handling existing customer updates
As shown above, when the billing form is submitted a check is made to identify whether the customer's email address has been used for any previous orders. If so, a separate modal appears asking the customer to log in. This ensures that customer preferences are unified and tied to the customer's email address, so any updates apply across all of their orders, whether placed while logged in or as a guest.
GDPR compliance with third-party data
GDPR dictates that where third-party data is captured through a given source (in this case the Send A Cow website) a customer must be able to manage that data through the same source. The Send A Cow newsletter is managed through both Magento and Campaign Monitor, so to be compliant with GDPR we had to take additional steps here: check for any existing subscription within Magento, compare it with the donor's request, and update it accordingly via the Campaign Monitor API.
With this implemented, we gave customers ample opportunity to opt in for updates without disrupting the checkout journey, while ensuring all opt-in requests were intentional and helping to meet Magento GDPR compliance requirements.
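The opt-in capture described above and the subscription check against Campaign Monitor come down to two pieces of logic: record only what the donor explicitly ticked (tagging it with the checkout stage), and reconcile that choice with the subscriber state Magento already holds before calling the mailing-list API. The following is an added example written for this page, not Send A Cow's or Magento's own code; the channel names, the stage labels, the subscriber states and the `subscribe`/`unsubscribe` client interface are assumptions made for illustration.

```javascript
// Added example, not Send A Cow's or Magento's own code: capturing a donor's
// opt-in choices on the quote and reconciling the email choice with a
// subscription already held in Magento. Channel names, 'stage' labels and
// subscriber states are assumptions made for illustration.

const CHANNELS = ['email', 'post', 'telephone', 'sms'];

// Telephone and SMS are only offered when the billing form supplied a number.
function availableChannels(billing) {
  const hasPhone = typeof billing.telephone === 'string' && billing.telephone.trim() !== '';
  return CHANNELS.filter((c) => hasPhone || (c !== 'telephone' && c !== 'sms'));
}

// Build the consent record stored on the quote. `interaction` is null when the
// donor closed the modal without touching it; otherwise it maps channel -> ticked.
// Only explicitly ticked channels become true: nothing is opted in by default.
function buildConsent(billing, interaction, stage, now = new Date()) {
  if (interaction === null) {
    return { interacted: false, redisplayOnSuccess: true, optIn: {}, stage: null, recordedAt: null };
  }
  const optIn = {};
  for (const c of availableChannels(billing)) optIn[c] = interaction[c] === true;
  return { interacted: true, redisplayOnSuccess: false, optIn, stage, recordedAt: now.toISOString() };
}

// Compare the request with the subscriber state already held in Magento
// ('subscribed', 'unsubscribed' or 'none') and decide what the mailing-list
// provider should be told. No interaction means no change.
function reconcileEmailSubscription(existing, consent) {
  if (!consent.interacted) return { action: 'none', reason: 'no interaction; keep current state' };
  const wants = consent.optIn.email === true;
  if (wants && existing !== 'subscribed') return { action: 'subscribe', reason: 'donor opted in' };
  if (!wants && existing === 'subscribed') return { action: 'unsubscribe', reason: 'donor did not opt in' };
  return { action: 'none', reason: 'already matches request' };
}

// Constructed recording client standing in for a Campaign Monitor API wrapper
// (hypothetical subscribe/unsubscribe interface, not the real SDK).
function makeRecordingClient() {
  const calls = [];
  return {
    calls,
    subscribe(email) { calls.push(['subscribe', email]); },
    unsubscribe(email) { calls.push(['unsubscribe', email]); },
  };
}

// Apply the decision through the client and return it for logging/audit.
function syncNewsletter(client, email, existing, consent) {
  const decision = reconcileEmailSubscription(existing, consent);
  if (decision.action === 'subscribe') client.subscribe(email);
  else if (decision.action === 'unsubscribe') client.unsubscribe(email);
  return decision;
}

// Demonstration on constructed data.
const demoBilling = { email: 'donor@example.test', telephone: '01234 567890' };
const demoConsent = buildConsent(demoBilling, { email: true, sms: true }, 'billing');
const demoClient = makeRecordingClient();
console.log(syncNewsletter(demoClient, demoBilling.email, 'none', demoConsent), demoClient.calls);
```

One design choice to be aware of: this example treats a modal that was interacted with but left unticked for email as a decline, so an existing subscriber who confirms the modal without ticking email is unsubscribed. If that is not the intended behaviour, pre-populate the checkbox from the existing subscription state so the donor sees and confirms what is already held.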
Give customers control over their data
Having achieved this, it became apparent that a customer's opt-in choices could only be updated by going through the checkout process. Any customer wishing to update these preferences manually would have no way of doing so until they placed another order.
To address this, we implemented an additional section within the customer's 'My Account' area titled 'My Contact Preferences'. On this screen, we added a number of checkboxes displaying the customer's current preferences. If the customer changes any of these options, an update button is displayed which, when clicked, submits an AJAX call with the updated data, and the customer's record is updated accordingly.
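The server side of that AJAX update is where the data-protection guarantee actually lives: the request must only ever change the logged-in customer's own record, and only the known preference fields. The following is an added example written for this page, not the project's code; the request, session and store shapes are assumptions, and `formKey` stands in for Magento's per-session form key.

```javascript
// Added example, not the project's code: server-side handling of the
// 'My Contact Preferences' AJAX update. The request, session and store shapes
// are assumptions; `formKey` stands in for Magento's per-session form key.

const ALLOWED_PREFERENCES = ['email', 'post', 'telephone', 'sms'];

// `request`: parsed JSON body { formKey, preferences: { channel: boolean } }
// `session`: { customerId, formKey } for the logged-in customer, or null
// `store`:   Map of customerId -> preference record (constructed stand-in for the DB)
function updateContactPreferences(request, session, store, now = new Date()) {
  // Only a logged-in customer may update preferences, and only their own record:
  // the customer id is taken from the session, never from the request body.
  if (!session || session.customerId == null) return { status: 401, error: 'login required' };

  // Reject requests that do not carry the session's form key (cross-site requests).
  if (typeof request.formKey !== 'string' || request.formKey !== session.formKey) {
    return { status: 403, error: 'invalid form key' };
  }

  // Accept only known channels with explicit boolean values; anything else is rejected.
  const updates = {};
  for (const [key, value] of Object.entries(request.preferences || {})) {
    if (!ALLOWED_PREFERENCES.includes(key)) return { status: 400, error: `unknown preference: ${key}` };
    if (typeof value !== 'boolean') return { status: 400, error: `preference ${key} must be true or false` };
    updates[key] = value;
  }
  if (Object.keys(updates).length === 0) return { status: 400, error: 'no preferences supplied' };

  const current = store.get(session.customerId) || {};
  // Record where and when the change was made, alongside the opt-in stage field
  // captured at checkout, so the consent history is auditable.
  const updated = { ...current, ...updates, updatedAt: now.toISOString(), updatedVia: 'my-account' };
  store.set(session.customerId, updated);
  return { status: 200, preferences: updated };
}

// Demonstration on constructed data.
const demoStore = new Map([[42, { email: true, post: false, telephone: false, sms: false }]]);
const demoSession = { customerId: 42, formKey: 'constructed-form-key' };
console.log(updateContactPreferences(
  { formKey: 'constructed-form-key', preferences: { email: false, sms: true } },
  demoSession, demoStore));
```

The handler deliberately ignores any customer identifier in the request body and rejects unknown keys rather than merging them, so the preference record can only ever hold the fields the screen displays.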
Magento GDPR compliance doesn't have to be difficult. As the above example shows, although the GDPR presents new challenges in the capture and handling of customer data, with the right strategy and implementation only a few steps are required to make an existing eCommerce store fully compliant with minimal disruption to the customer journey.
To find out more about how we've delivered eCommerce websites for a range of charities and charitable organisations, please see our Charity eCommerce Websites page. For an overview of Magento GDPR compliance, see this article or the official GDPR website.