On May 25, 2018, a new landmark privacy law called the General Data Protection Regulation (GDPR) will take effect, impacting every retailer conducting business in the European Union (EU). The GDPR expands the data privacy rights of EU citizens and places new obligations on merchants who handle EU-based personal data. Salesforce Commerce Cloud is here to help our customers prepare for this major change.

The GDPR replaces the patchwork of national data protection laws currently in place with a single set of rules. Merchants established in the EU who process personal data fall under the purview of the GDPR. The GDPR also extends to merchants established outside the EU if they are transacting business in the EU by, for example, offering goods or services or monitoring the online behavior of EU data subjects.

As we’ve spoken with customers about the GDPR, we’ve compiled a list of three key takeaways all Commerce Cloud merchants should be aware of:

• The GDPR is not just for EU-based organizations – If you think the GDPR doesn’t apply to you, take a closer look. If your brand does business in the EU, offers goods or services to EU shoppers, collects data, or monitors EU data subjects, you fall within scope of the regulation.
• Merchants need to understand the impact of the GDPR on their business – Merchants are responsible for assessing the scope of the GDPR within their own companies and taking action to ensure compliance.
• The GDPR requires a partnership between Salesforce and our merchants – Salesforce looks forward to working with and listening to our merchant’s GDPR needs to better understand the impact of the law.

Salesforce will serve as an enabler of tools and features to help comply with the GDPR, and we recommend each merchant take steps to ready themselves. The GDPR will impact each merchant differently depending on their own implementation of Commerce Cloud. Merchants will be responsible to take action to ensure their own compliance.

In preparation, the Salesforce infrastructure, product, and legal teams have closely analyzed the GDPR requirements related to common ecommerce use-cases. In fact, Commerce Cloud’s best-in-class privacy and security standards, along with robust platform capabilities already meet many of the GDPR requirements. In the areas where additional requirements are needed, we are working to build further enhancements:

• GDPR-related functionality is expected to be delivered across Commerce Cloud releases 18.1, 18.2, and 18.3, prior to the May deadline. In these releases, Salesforce plans to shape existing capabilities, deliver new features, and conveniently present GDPR-related functionality to merchants to incorporate into their business.
• As new GDPR-related solutions are launched, Commerce Cloud will provide specific documentation to help customers understand how these new features can be used to help with compliance. This will cover existing tools and also extend to new release items.

Similar to existing privacy laws, compliance with the GDPR requires a partnership between Salesforce and our merchants, and we welcome an open dialogue to ensure full preparation.

For more information, customers are encouraged to visit the Salesforce GDPR Resource Website and take the EU Privacy Law Basics Module on Trailhead.