GDPR stands for “General Data Protection Regulation”. It is a European law that aims to protect the personal data of website users. It defines the rules that all websites operating in Europe must follow when managing the personal data of the European population. It is one of the toughest privacy and security laws in the world.

The most important element of the GDPR is that it allows regulators in European countries to penalize businesses that do not process an individual’s data in the way the law prescribes.

Shopify has gone a step further by applying this law uniformly to all the partners operating on its platform. All apps built on the Shopify platform must comply with the GDPR norms set by Shopify (even if your app does not collect any personal data).

Shopify mandates that every Shopify public app must implement 3 webhooks:

  • Customer’s Data View Request: customers/data_request
  • Customer’s Data Delete Request: customers/redact
  • Shop’s Data Delete Request: shop/redact

You can configure these 3 webhooks from your Partner Dashboard. Navigate to the “apps -> your app -> GDPR Mandatory webhooks” section. You can learn more about these webhooks here: https://shopify.dev/apps/webhooks/configuration/mandatory-webhooks
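
Because two of the three topics delete stored data, a receiving endpoint should authenticate each request before acting on it. The sketch below is an added example, not Shopify's code or code from this article: it checks the base64 HMAC-SHA256 signature Shopify sends in the `X-Shopify-Hmac-Sha256` header against the raw request body, then dispatches on the topic. The function names, the in-memory `store` layout and the secret are hypothetical; the `shop_domain` and `customer.id` fields follow Shopify's documented payloads.

```python
import base64
import hashlib
import hmac
import json

TOPICS = {"customers/data_request", "customers/redact", "shop/redact"}


def sign(raw_body: bytes, secret: str) -> str:
    """Base64 HMAC-SHA256 of the raw body, the value expected in X-Shopify-Hmac-Sha256."""
    digest = hmac.new(secret.encode(), raw_body, hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def verify_hmac(raw_body: bytes, header_hmac: str, secret: str) -> bool:
    # Constant-time comparison avoids leaking how much of the value matched.
    return hmac.compare_digest(sign(raw_body, secret).encode(), (header_hmac or "").encode())


def handle_mandatory_webhook(topic, raw_body, header_hmac, secret, store):
    """Return (http_status, detail). `store` is a hypothetical in-memory data layer:
    {shop_domain: {"customers": {customer_id: record}, "requests": [customer_id]}}."""
    # Authenticate before parsing: an unsigned request must never delete data.
    if not verify_hmac(raw_body, header_hmac, secret):
        return 401, "invalid signature"
    if topic not in TOPICS:
        return 404, "unhandled topic"
    try:
        payload = json.loads(raw_body)
        shop = payload["shop_domain"]
        customer_id = None if topic == "shop/redact" else payload["customer"]["id"]
    except (ValueError, KeyError, TypeError):
        return 400, "malformed payload"

    if topic == "shop/redact":
        store.pop(shop, None)  # erase everything held for the shop
        return 200, "shop data erased"
    shop_data = store.setdefault(shop, {"customers": {}, "requests": []})
    if topic == "customers/data_request":
        shop_data["requests"].append(customer_id)  # queue for export to the merchant
        return 200, "data request recorded"
    shop_data["customers"].pop(customer_id, None)  # customers/redact
    return 200, "customer data erased"


if __name__ == "__main__":
    secret = "constructed-secret"  # constructed value, not a real credential
    body = json.dumps({"shop_domain": "example.myshopify.com", "customer": {"id": 1}}).encode()
    db = {"example.myshopify.com": {"customers": {1: {"email": "a@example.com"}}, "requests": []}}
    print(handle_mandatory_webhook("customers/redact", body, sign(body, secret), secret, db))
    print(handle_mandatory_webhook("customers/redact", body, "forged", secret, db))
```

In a web framework, pass the unparsed request bytes as `raw_body`; re-serialising parsed JSON changes the bytes and the signature will no longer match.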