Intershop Commerce Management & GDPR Changes 2018


Intershop Commerce Management & GDPR Changes 2018

As of May 25, 2018, amendments to the General Data Protection Regulation (GDPR) come into force, which have immediate effects on the operators of web shops. In this context, Intershop provided information on which checks or changes are relevant with respect to the new GDPR 2018 for Intershop Commerce Management systems (hereinafter ICM).

In principle, the following general statements can be made regarding the need for action in relation to the new GDPR:

  • From the point of view of data security, the e-commerce system should always be upgraded to the latest software version of the ICM
  • General use of https in the e-commerce system
  • Encryption of customer communication (contact forms)
  • Checking the data streams between the participating systems for data security (encrypted data transmission)
  • Checking the passwords used in the e-commerce system for security (eg for back-office access as well as in the context of data transfers)
  • Examination of the GDPR compliant use of customer data in the webshop (eg personal data of the user, use of credit card data)
  • GDPR compliant use of web tracking (eg Google Analytics, Piwik, Open Web Analytics or similar) - Note: by default, web tracking is disabled in the ICM!)

Furthermore, each operator of an online shop should conduct their own consideration of the data-relevant processes for his e-commerce system.

Information about GDPR 2018 for online shop operators based on Intershop Commerce Management

The documents specially provided by Intershop include an overview of which customer-specific data is processed in Intershop systems. The aim is to enable online shop operators to fulfill the requirements of the GDPR. Thus, online shop users have from May 25, 2018 the comprehensive right to information about the data stored about them. So that the operators of the shops can take this information right into account, functions will be provided with the upcoming version of the ICM 7.9 which should enable the export of the customer data stored in the shop. Below is an overview of the contents and objectives of the available documents. If you would like further information or would like to receive these documents from us, please contact us.

1. Documentation about stored customer data (ICM 7.9)

This documentation provides an overview of customers' personal information collected, processed and transmitted in a webshop based on the latest version of Intershop Commerce Management 7.9.

Customer data are processed in the following functions of the Intershop Commerce Management:

  1. Anonymous Shopping
  2. Customer Profile
  3. Additional Address Information
  4. Sessions
  5. Shopping Cart & Order
  6. Gift Cards
  7. Wish List, Product Notifications
  8. A/B Tests, Promotions
  9. Social Plugins
If necessary, the document helps the operator of a web shop to provide information on where and which customer data is recorded in the system, upon requests from customers.

2. Documentation for the creation of a privacy policy (ICM 7.10)

This document contains necessary records of processing activities for data protection declaration.

Overview of the content for a privacy policy when using the Intershop Commerce Suite

  1. Intershop Commerce Management 7.10
    • Records of processing activities
  2. Intershop Order Management
    • Records of processing activities
  3. Intershop Commerce Insight
    • Records of processing activities for the reporting data
    • Records of the ICI users
The operator of an online shop is thereby enabled to supplement the directory of processing activities necessary for the creation of the data protection declaration with the processes relevant to the customer data in the Intershop Commerce Suite.

3. Guide - Checklist Security & Data Protection (ICS 7.10)

In order to check whether the requirements of the GDPR with respect to the use of data in the web shop are met, Intershop also provides a checklist in the form of a guideline for the ICM version 7.10 announced at the beginning of August. It describes the following fields of action in relation to the GDPR amendments 2018:

  1. Prevention of Injections
  2. Authentication and Session Management
  3. Avoid Cross-Site Scripting (XSS)
  4. Prohibit Insecure Direct Object References
  5. Prevent Security Misconfiguration
  6. Avoid Sensitive Data Exposure
  7. Function Level Access Control
  8. Prevent Cross-Site Request Forgery (CSRF)
  9. Circumvent Components with Known Vulnerabilities
  10. Avoid Unvalidated Redirects and Forwards
  11. Firewall Configuration
The operator of an Intershop Commerce Suite is provided with a checklist with which he can check in detail whether the own shop system is up-to-date in terms of data security.

  • General Data Protection Regulation (GDPR) 2018,
  • Experts in Motion,
  • Intershop,
  • Intershop Commerce Suite,
  • GDPR,
  • E-Commerce,
  • Intershop,
  • ICM,
  • Intershop Order Management,
  • Intershop Commerce Insight,
  • Data Protection,
  • Customer Data,
  • Data Security,
  • Webshop,
  • Online-Shop
  • Tips & Hints
  • E-Commerce
  • Data Protection

Do you need support for the GDPR changes concerning your Intershop Online Shop?

Quick Contact
Yes, I consent to Experts in Motion AG using the data I have provided for the consultation, and to keep me informed via phone. I can revoke my consent at any time (Privacy Policy).
Do you like who we are and what we do?

We are hiring!

In order to meet the growing demand for excellent e-commerce consulting and software development, we are looking for highly qualified specialists as well as committed newcomers in the field of e-commerce and digital transformation.

You're an expert in your field?

This fits to our services and you would like to be part of our team?

Learn more

  • Software Development
  • Web-Development
  • Java-Programming
  • Consulting
  • Business Computer Science
  • Software Architecture
  • Technical Specification
  • Databases
  • Documentation
  • System Architecture
  • Application Management
  • Product Owner
  • Scrum Master
  • Graphic & Design
  • Project Management
  • dual study
  • internship
  • working student
Loading Layer