General Data Protection Regulation (GDPR)

A guide to the European privacy and data protection changes.

In this article:

  • What is GDPR?
  • How does GDPR affect Eber?
  • How does GDPR affect you?


What is GDPR?

The General Data Protection Regulation, or GDPR, is an European Union regulation that comes into effect on May 25th, 2018. This regulation changes how companies collect, use, and process the personal data of European residents.

To review the entire regulation, click here.

Eber is working hard to make sure we will comply with the GDPR when it takes effect. We have put together some detailed information about how the GDPR affects the Eber platform, and what we’re doing to prepare for it.


How does GDPR affect Eber?

The General Data Protection Regulation (GDPR) is a broad regulation that reshapes the landscape of data usage for companies that operate globally. We have extensively evaluated how GDPR affects our business. The good news is that the law does not require us to change the services we provide - it just changes how we provide those services.

The GDPR affects Eber in the following ways:

  • It requires us to re-organize our privacy team, and to adequately document and keep records of certain privacy-related decisions made by us so that we are accountable for our privacy practices.
  • To make sure that we and our merchants are able to honor the rights of European merchants and customers over their personal data.
  • It requires us to make certain contractual commitments to our merchants, and requires us to get certain contractual commitments when we use a third-party sub-processor to provide our services.

Eber has been hard at work preparing for the GDPR. However, there is still more for us to do even after May 25, 2018 to be compliance, and we are continuously re-evaluating our data protection program as new guidance and interpretations of GDPR are released. Your understanding and patience is much appreciated.


How does GDPR affect you?

All Eber users should consult with their legal professionals to understand their full scope of compliance obligations under the GDPR. As a general rule, if you are a store based out of the European Union, or have customers who live in the European Union, you will need to be GDPR compliant.

What do you need to know when using Eber?

Eber is a Data Processor which means that we process the data that you collect on your store, including Personal Data and Non-Personal Data. When creating or editing your privacy policy, you will need to disclose that your customer's data is being shared with Eber for the purpose of the rewards program, including what data is being collected.

The data we process for your customers may includes but not limited to:

Personal Data:

  • Name
  • Email
  • Phone Number
  • Address
  • Martial Status
  • Date of Birth
  • Gender
  • Nationality

Non-Personal Data:

  • Transactional Data
  • Account Creation Date

How do I remove customer data from Eber?

Under the GDPR, Data Subjects have the "right of erasure". This means they can request that their data be removed at any point. As Eber does not collect data and process your existing customer accounts, the customer data should be removed within your eCommerce platform.

Should a customer reach out to us directly, we will refer them back to you to evoke this right.


The fine print: This GDPR Guide is for informational purposes only. It is not legal advice. Please reach out to your legal counsel to receive tailored guidance on how the GDPR may impact your business.