GDPR Compliance Checklist: Get Fully Prepared!

Officially approved by the EU Parliament, the General Data Protection Regulation (GDPR) is going to come into force on May 25th, 2018. This law is supposed to replace Data Protection Directive 95/46/EC, established back in 1995, and to unite and update the regulations controlling data protection across EU countries.

The main aim of General Data Protection Regulation is to provide EU citizens with personal data security by imposing specific restrictions and responsibilities on the organizations (or data controllers) processing and collecting such data. Personal data hereby stands for "any information relating to an identified or identifiable natural person".

Territorial Applicability

The regulation supervises any such institution regardless of the place of its establishment. It means that GDPR is applicable to any system processing an EU citizen’s personal data either within or outside EU territory. Besides, this law stipulates the one-stop shop principle: in case a company has its sub-departments in other member states, it will deal with the authority located in the same state as the main office.

Individual's Rights

GDPR comprises an enormous number of rules and restrictions, so a data controller should be very attentive and careful to avoid violating any of them and getting penalized. Some of these limitations consist in preserving the following rights of an individual whose personal data was disclosed or was required to be disclosed:

  • to refuse to give personal data;
  • to have the given personal data erased after the end of processing;
  • to obtain access to the recorded data;
  • to request restricted processing of data.

No personal data can be processed without a person’s clear consent. An individual, whose rights were infringed, may lodge a complaint or demand a remedy or compensation.

Technical and Organizational Measures

Besides legal restrictions, GDPR applies Technical and Organizational Measures (TOMs) in order to strengthen personal data security and provide maximum transparency of data controllers' activities. TOMs include:

  • Preventing data access of unauthorized individuals;
  • Enabling access to data only after a personal authentication;
  • Recording all changes made to data;
  • Providing backup and recovery of data;
  • Separating data collected for different purposes.

Non-compliance with the regulation can lead to being penalized with a fine up to €20 million which is 4% of the annual global turnover.

What should you do to be GDPR-compliant?
  1. Update your Privacy Policy / License Agreement;
  2. Inform your team about GDPR compliance requirements;
  3. Inform your customers about that;
  4. Inform or request your subcontractors to follow those rules (shipping company, payment processor, bank, accountant team, external marketing team, etc).

Show customers that you’re not vulnerable. Add a "GDPR Compliance" message on the create account/login/checkout page to inform your customers about your compliance.

Request for personal data deletion

Another important thing is to accept and perform customer requests to delete their data. Unless we really need these data, this request should be fulfilled.

"A data subject should have the right to have personal data concerning him or her rectified and a 'right to be forgotten' where the retention of such data infringes this Regulation or Union or Member State law to which the controller is subject. In particular, a data subject should have the right to have his or her personal data erased and no longer processed where the personal data are no longer necessary in relation to the purposes for which they are collected or otherwise processed, where a data subject has withdrawn his or her consent or objects to the processing of personal data concerning him or her, or where the processing of his or her personal data does not otherwise comply with this Regulation. That right is relevant in particular where the data subject has given his or her consent as a child and is not fully aware of the risks involved by the processing, and later wants to remove such personal data, especially on the internet. The data subject should be able to exercise that right notwithstanding the fact that he or she is no longer a child. However, the further retention of the personal data should be lawful where it is necessary, for exercising the right of freedom of expression and information, for compliance with a legal obligation, for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, on the grounds of public interest in the area of public health, for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, or for the establishment, exercise or defence of legal claims."

So if a customer asks you to remove his/her personal data but you need to keep it for some reason, describe it in the FAQ and LA to inform users about that.

For example, the data of users who have placed an order in the EU should be backed up and kept for at least 5 years (based on EU laws), so you cannot remove their personal data right away, but you should inform them when and how it will be done.

It is your obligation to explain the procedure of personal data removal. For example, in 5 years, when the obligation to keep data for accounting expires, the customer's request for removal will be processed automatically or manually and the customer will be informed additionally.

Access to personal data

Another major aspect of the GDPR is access to personal data. When talking about that, you should keep in mind all the business processes that you have in your company. Who has access to the personal data? Which company offers delivery or shipping services? Which company processes payments? Do they comply with the GDPR?

Here are a few more examples of people or positions with access to personal data: site administrators, freelancers, hosting company, sales manager, support manager, accountant, mail client (if you’re using a third-party SaaS client), CRM system, etc. You have to make sure that they understand and follow the principles of GDPR.

Just as an example: someone calls your sales team asking for some information about his/her order. You may decline his/her request due to GDPR compliance. You may ask him/her to identify himself/herself to make sure he/she has rights to these data.

Once again, add an FAQ, a useful article or documentation and explain how personal data is treated in your business and how it can be obtained.

What if your site was hacked and data was compromised?

In case you failed to provide ultimate security for the collected personal data and your site was hacked, the first thing to do is to report the data breach to the GDPR supervisory authority within 72 hours.

If you have not managed to make the notification within this time, you are obliged to state the reasons for the delay. Your report must include the nature of the data fraud, its possible consequences, contact details of your responsible protective officer and the measures applied.

If there is a high risk of violating the rights and freedoms of the individual whose data was hacked, you have to inform this individual about the data breach right away.

In case of failure to report the fraud, you can get penalized or taken to court.

What if I’m from the US? Should I follow the GDPR?

GDPR is not an obligation for US store owners, but it would be a good sign for EU customers if you follow the GDPR regulations. An EU customer will feel comfortable placing an order with you, keeping in mind that he/she can control the way data is gathered, stored and utilized.


The reasons for introducing such strong protective measures seem to be clear: the number of business systems and other entities requiring sensitive personal data is constantly increasing and needs to be appropriately controlled. Despite the strictness of the newly introduced regulations, eMagicOne’s policy is in full compliance with GDPR standards and provides its clients with complete personal data security and privacy.

Read the original General Data Protection Regulation (GDPR) at: http://data.consilium.europa.eu/doc/document/ST-5419-2016-INIT/en/pdf

Add comments if you have more questions about GDPR and we’ll do our best to assist you!


How to Get Your eBay Account Suspended: Most Frequent Reasons

A suspension notice email is not a rare thing for those who sell on eBay. The reason for these rather sad statistics is that eBay is very strict in checking products before they are listed on the marketplace.

In case you decided to use Store Manager's eBay Integration addon to export your merchandise from your Magento or PrestaShop store to eBay marketplace, the rules still remain the same. The module does not soften eBay products listing policy in any way and takes no responsibility for eBay account suspension due to its full compliance with this policy.

Among the new and weird violation methods that we've come across was an attempt to publish AdWords ads in an eBay product description. Do not try to fool eBay, as you will be suspended forever without any option to recover your account or buy/sell on eBay ever again.

Since the list of eBay restrictions is very long and contains many nuances, we will try to describe and explain a bunch of the most frequent reasons for eBay account suspension.

Selling items forbidden either within or outside eBay

Let's figure out what kinds of goods are not allowed to be sold on eBay:

  • Products violating copyright rules (for example, media, software or paintings etc.);
  • Food;
  • Medical drugs and devices;
  • Material which is racially or ethnically offensive;
  • Items for adults only;
  • Animals and preserved or mounted specimens;
  • Cosmetics;
  • Used clothing;
  • Alcohol and tobacco;
  • Weapons and knives.

A more detailed list can be found here.

Directing customers to online pages providing other information than product details

You are allowed to place the address and phone number of your store. However, putting links to other pages containing your products or services will justifiably be treated as an advertisement and may become the reason for your eBay account suspension.

Putting false and incorrect information

Provide clear and accurate descriptions of your products, avoiding keyword spamming in any part of the listing, including images, meta tags, etc.

Using profane language

eBay may suspend your account for using offensive language in any public areas of eBay website including profiles, listings, chat rooms etc.

Violating eBay fees policy

There is a bunch of rules regulating paying eBay fees. Violation cases include:

  • Offers to buy products outside eBay;
  • Excessive shipping charges;
  • Offering to choose between two absolutely different products (for example, sunglasses and a shirt);
  • Listing items in a wrong category;
  • Avoiding paying reserve price fees (cancelling bids because the seller’s price was not met);
  • Not following eBay warranties policy.

Applying tools which can damage eBay page template

It is prohibited to use HTML or JavaScript elements on the eBay website because of the risk of damaging the page’s structure.

Putting in product listing unique (often antique or handmade) items which are offered on other pages

If an item listed on your eBay page is unique and its inventory is set as 1, it means it cannot be substituted by other items. Consequently, if it is bought on another site, it becomes out of stock on any other page. Such a dishonest tactic is most likely to cause negative feedback from customers and lead to penalties or account disabling.

Violating VeRO (Verified Rights Owner) policy

If your product listing or separate items somehow infringe the intellectual property rights of other sellers, such listings or items may be removed by eBay.

Violating the rules of sale completion policy

Such cases include:

  • Selling an item considerably different from the one described in the listing;
  • Requiring excessive fees for an ordered product or its shipment;
  • Not accepting PayPal payment via credit card regardless of putting a PayPal logo in your listing.

We hope this article was useful for you and you recognized the reason why your eBay account has been suspended. If you have faced any other reasons for account suspension, please share them with us in the comments below to help users who are thinking about the same tricks avoid suspension.

If your store is based on Magento or PrestaShop shopping platforms, you are welcome to download a trial version of Store Manager application and use eBay Integration module to create your product listings on eBay in a smooth and easy way.


Get A Perfect Match for Your Store This Valentine’s Day

Dear customers,

As the day to celebrate love gets closer, we wish your life to be full of love and joy, kindness and tenderness!

Software Made With Love

eMagicOne loves you and we all work hard to make you happy. We develop our extensions with care and do our best to make your lives easier with our software.

If you have not had the chance to experience this, give our eMagicOne solutions a try and you will definitely fall in love with them!

Deal That Will Win Your Heart

This romantic event has also inspired us to make this day brighter with a special gift:

In celebration of Valentine’s Day,
Grab 14% off without delay!
Follow your heart,
Applying this code in the cart:


Lovely Time

Feel the magic of sweet savings for 1 heart-filled week till Friday, February 16th!

Note, the number of coupons is limited! Check how many are left at:


A Perfect Match

Don’t wait for Cupid’s arrow, get perfect extensions that match your store this Valentine’s Day.

So treat yourself! Because eMagicOne software will be a perfect Valentine for your store.

With Love,

eMagicOne Team


Offer Details

  • 1 order = 1 coupon. Online redemption is required. A coupon is considered redeemed when an order is completed, funds were charged and the license is generated. In case you apply a coupon in the cart and do not complete the checkout process, the discount won't be active once the usage is expired. An order is processed within a few minutes. In case your order has not been processed yet, please place a new order (in case of a duplicate, we will return the duplicated charged sum).
  • This code is not valid with other offers or discounts and cannot be combined with them.
  • The number of coupons is limited. You can check the availability of codes on our website https://store.emagicone.com/.
  • The discounts are time-limited and cannot be back-dated after they expire. Unused discounts are not refunded or returned in any way.
  • Discount does not apply to any services (only to products).


eMagicOne and NF525 Certification

From January 2018, Article 88 of the 2016 Finance Act will require all retailers having clients in France to adjust their POS systems to newly created standards. Compliance with these requirements can be officially guaranteed by NF525 or Cash Management certificates.

By obtaining these documents, companies minimize the risk of VAT fraud through sale integrity, which means strict registration of all purchases made and related taxes in order to prevent any modification or removal of sales data. This way you can assure your French clients and the French government that your sales information is securely stored and trackable.

There are two organizations in France issuing the certificates that can ensure compliance with the law: INFOCERT (NF525 certification) and the Laboratoire National de Métrologie et d’Essais, LNE (Cash Management System certification).

Since eMagicOne develops store managing software, our clients often wonder whether the company is NF525-certified. Store Managers for Magento, PrestaShop, WooCommerce, etc. contain a POS section and enable managing orders. However, all orders created by users via POS or imported using the import wizard are added to the shopping cart database; no third-party databases are used. Store Manager applies shopping cart rules while operating on order data and doesn’t save, store or edit orders in any way other than by the rules provided by the shopping cart itself. The program interacts with a shopping platform directly, so if the platform is certified, the software can be considered as complying with the new regulations.

eMagicOne team strives to keep you informed on any nuance concerning our software and services. If you have a question, do not hesitate to contact our support manager at https://support.emagicone.com


Limited Support on January 1st

Dear Customers,

Please be advised that on Monday, January 1st eMagicOne will be providing limited support. If you have a question, please contact us via e-mail. Phone support and live chat will be temporarily unavailable.

Your requests received during that day will be answered according to the queue.

Your patience during this period is greatly appreciated. We will be back in full force and ready to help you on Tuesday, January 2nd at our usual support hours.

Thank you for staying with us.

During this period you will still have full access to your licenses. Besides, feel free to buy our software anytime at https://store.emagicone.com


eMagicOne Team.

New Year, New Sale!

Holiday greetings from eMagicOne company! We hope this year you had a great time and we wish you happiness, prosperity, and most importantly, lots of fun for the upcoming year!

Thanks 2017!

So, before we welcome 2018, here is a little flashback of what eMagicOne has achieved during the last year:

  • Added support of latest shopping cart versions;
  • Implemented lots of new features;
  • Made multiple improvements and enhancements of existing functionality;
  • Introduced new lookbook templates into PDF catalog creator addon;
  • Redesigned and improved eBay Integration addon;
  • Launched renewed version of Amazon Integration addon.

This is only a snapshot of a few main features introduced this year in our eMagicOne solutions. Don’t you think that you have already missed out on a lot? Don’t wait anymore. Give it a try!

Hello 2018!

We have decided that there is no better way to welcome the New Year than kicking off a new sale! Start the new year with a new resolution! Spend less time on store handling and inventory updates with smart eMagicOne solutions at attractive prices!

$50 voucher* storewide!

Use This Chance

To make use of this offer you have to:

  1. Add to cart your favourite products at our official website.
  2. * Make sure that minimal order total is more than $100.
  3. Apply promo code NEW-6QYD-YEAR to get $50 off your order!

Celebration Time

The promo will run for the next few days until Tuesday, January 2nd! So make sure you're not too late!

See You in 2018!

We do have some great surprises coming in 2018, so stay tuned.

Wishing you a wonderful holiday and a prosperous New Year full of incredible things ahead!

Promo Details

  • 1 order = 1 coupon. Online redemption is required. A coupon is considered redeemed when an order is completed, funds were charged and the license is generated. In case you apply a coupon in the cart and do not complete the checkout process, the discount won't be active once the usage is expired. An order is processed within a few minutes. In case your order has not been processed yet, please place a new order (in case of a duplicate, we will return the duplicated charged sum).
  • This code is not valid with other offers or discounts and cannot be combined with them.
  • The number of coupons is limited. You can check the availability of codes on our website https://store.emagicone.com.
  • The discounts are time-limited and cannot be back-dated after they expire. Unused discounts are not refunded or returned in any way.
  • Discount does not apply to any services (only to products).


eMagicOne's GTIN Request Approval on Amazon

Deciding to start selling goods on Amazon will require you to go through a few testing stages so that the marketplace can ensure your merchandise is real and legal and your activities will not cause fraud. This might take some time, as Amazon considers your request thoroughly before approving it.

Product Validity Error

The most common barrier is getting released from the obligation to assign unique trade numbers (Global Trade Item Numbers) to the inventory. The most common GTINs are EAN, UPC and ISBN:

  • European Article Number (EAN) is used for goods sold at Amazon marketplaces within Europe;
  • Universal Product Code (UPC) is used to identify items within the United States;
  • International Standard Book Number (ISBN) identifies books and book-like inventory sold internationally.

If your inventory can be identified by any of these codes, there’s no need to ask for a GTIN exemption. Otherwise, when adding items to Amazon without specifying their identification numbers, you will get the following warning message: “The validity of the Product ID is checked against the GS1 GEPIR and ISBN.org databases. If your Product ID is not registered with GS1 then the linked ASIN will be suppressed and it may result in removal of your product creation privileges.”

In addition, you can let Amazon assign your inventory its own identification numbers, which are called ASINs (Amazon Standard Identification Numbers). An ASIN is given to a newly added item automatically and is used to identify goods within Amazon's marketplaces. By enrolling in the Fulfilment by Amazon program (FBA), you can store your goods in special fulfillment centers and have your products picked, packed and shipped by Amazon. In this case your items will be assigned unique identifiers during shipping as well.

Fortunately, Amazon allows GTIN exemptions for some types of goods: non-branded, virtual, handmade, jewelry, parts of machinery, etc. If your merchandise belongs to this list, you can request a GTIN exemption. This procedure is free and does not take much time.

Sending GTIN Request

Approval of the GTIN request signifies permission to sell items without the unique identifiers. In case your goods are not manufactured by your company, before sending the request you have to supply Amazon with a support letter from your manufacturer containing your name, contact information and the manufacturer’s confirmation that it does not provide GTIN numbers for the inventory you plan to sell on Amazon. Besides, you have to let Amazon see your inventory. For example, you can provide links to your website with images of the goods, etc.

Since eMagicOne designs software products, the company sent a GTIN exemption letter. You can find it below and use it as an example:

The request was approved in just a few days, indicating the clarity and reliability of eMagicOne’s activities. Here is what Amazon replied to our GTIN exemption letter:


Dec 06, 2017 03:22 AM

Greetings from Amazon Seller Support,

Thank you for your patience while we worked on this issue.

Your request for a GTIN exemption for the below mentioned Brand/Category has been approved.

Brand: eMagicOne

Category: Software

Please wait for 24 hours before you start listing your products.

While listing your products, please ensure that you specify the same Brand : "eMagicOne" for which the GTIN exemption has been approved.

This exemption is valid until 7th March, 2018.

If you do not complete listing your products, before this time frame, the exemption will expire and you will need to re-apply. The expiration of exemptions will not affect your existing listings. You will not be able to create new listings post expiration and you can always contact us again to extend the exemptions for the account.

The approval means that eMagicOne’s products are not required to carry a GTIN and are considered verified and secure.

Brand Registry Program

Another way to list your merchandise on Amazon without a unique identifier is to enroll in the Brand Registry Program. This is possible provided that your trademark is registered, making your trade name eligible. A successful enrollment also has another serious advantage: it ensures high-level security for your Amazon trademarks and the ability to check them regularly.

This month eMagicOne has been successfully enrolled in the Brand Registry Program and started putting the product listings into the store. On the screenshots below you can see that the Product ID field left blank stops blinking after specifying a trade name registered on Amazon.

Before (the indicated trade name is not registered)

After (the specified trade name is registered on Amazon)

As a result, your customers will have access to your product at Amazon - Store Manager for Magento on Amazon.

Have a Magento, PrestaShop, WooCommerce or VirtueMart online store and need assistance with product submission to Amazon? Drop us a line and our success managers will do their best to assist you with the submission.