Askås e-commerce platform have a number of features in regards to the european legislation GDPR.
GDPR-features in the group Features at Askås I&R AB (askas_0028)

Askås - a GDPR-secured e-commerce platform

The European data protection regulation GDPR went into effect in spring of 2018 and for Askås it meant that a long development process was completed. It was also the beginning of a new era in which we and our customers began the actual work of living up to the new legislation.

25 May 2018, the GDPR, the new European data protection regulation, was introduced. At Askås, work began on the GDPR as early as 2017. Partly to create routines and working methods internally that matched the new legislation. But also to a large extent to develop our e-commerce platform and thereby deliver necessary and effective GDPR features to e-retailers.

We hope that our way of working has been and is beneficial to our existing customers and that it creates trust for everyone who sees Askås as a future partner and supplier.

What features are included?

Authorization feature - GDPR analysis - Consent module - Logging of personal data processing - Mass updating of passwords - Removal - Right to be forgotten - Personal data export - Logged sessions in the Askås’ backend.  

See detailed information under More information below.

  • More information


    A basic foundation for being able to implement a successful GDPR adaptation of Askås e-commerce platform has been to find out what is classified as a personal data and when and where processes of this personal data are done in the system.

    This survey, which was done early in the process, was a starting point for the development of new features.

    Authorization feature - Setup accounts and conditions for controlling which backend features individual employees and entire staff groups should have the right to handle in the system.

    GDPR analysis - Feature which at the touch of a button creates a report that lists functions, customizations and external connections where personal data is involved. This report can be used as support, for example to create texts for customer consent. (See consent feature below).

    Consent feature - Create and collec consents from customers in different places and at different events in the store.

    Logging of personal data processing - When personal data somehow is altered in the system, this is logged. The log is only available for Askås but can be requested if needed.

    Mass update of passwords - Tool that make it possible for our clients to update the password of a number of customers at the same time based on given customer ID.

    Removal - Set up rules for how customer information should be stored and sorted out.

    Right to be forgotten - An end consumer has the right to demand to have personal data completely removed from the system.

    Personal data export - Feature for exporting personal data about a specific customer.

    Logged sessions in backend. - Authorization and accessibility for Askås staff to our customers' stores are regulated. The purpose is to limit unnecessary exposure of personal data.

    What responsibilities does Askås and our customers have?

    Askås has the role of personal data assistant (Personuppgiftsbiträde) and this is regulated in new and supplemented agreements between us and our customers. As a supplier and partner, we have developed our product, our e-commerce platform, and continuously informed about GDPR.

    It is our customers and not Askås who are responsible for personal data towards the end consumers. Customers decide for themselves how they want to use the GDPR features we develop. Customers must set up their own rules for removal of personal data, they write their own texts for consent and are responsible for communication with their customers. (Translated text from Datainspektionen).

    What is personal data?

    All kinds of information that can be directly or indirectly attributed to a natural person who is alive are counted as personal data according to GDPR.

    Images and sound recordings of individuals processed on a computer can also be personal data, even if no names are mentioned. Encrypted information and various types of electronic identities, such as IP numbers, are counted as personal information if they can be linked to natural persons. (Translated text from Datainspektionen)

    What does data controller mean?

    The person responsible for personal data is normally the legal person (for example a limited company, foundation or association) or the authority that processes personal data in its activities and which decides which data is to be processed and what the data is to be used for. (Translated text from Datainspektionen)

    What does data processor mean?

    The personal data processor is the person who processes personal data on behalf of the person responsible for personal data, for example a service provider or web host. A personal data assistant is always outside your own organization. (Translated text from Datainspektionen)

    More reading:

  • Costs
    The GDPR-features are included in all licenses.

    NOTE. For adaptations beyond basic functionality, and extra educational efforts, costs are added.

Sites that use GDPR-features

Care of Carl
Fashion & Accessories
Fashion & Accessories

See more features

Askås Cookie Manager
Customer friendly and flexible solution for cookie management.
Askås Product Engine
Lightning fast product listing, filtering and search functionanlity. A part of Askås Enterprise.
Askås Content Editor
Powerful and flexible drag and drop feature for building front pages, landing pages and newsletters.
Service Level Agreement
SLA, Service Level Agreement provides security and stability. You get access to an on-call support technician 24 hours...