What does the GDPR mean for DaWanda Sellers?

Below is some important information about the changes caused by the entry into force of the GDPR in the context of DaWanda Sellers, prepared by Onwalt.de (Wegener & Adamaszek Rechtsanwälte).

On the 25th May 2017, the European Union’s General Data Protection Regulation (GDPR) took effect. In case you haven’t heard of it before, the General Data Protection Regulation (GDPR) is a new European Union (EU) regulation governing data privacy, which places new requirements on individuals and businesses offering services both within and into the EU.

The GDPR has two main aims:

  • to create a unified level of protection for personal data across the European Union
  • to give transparency to the handling of personal data.


We stand behind the principles of the GDPR’s implementation – companies should be held accountable and be transparent when it comes to what personal data they collect on their customers and why, and customers should ultimately be the ones in control of their own data. 

Does the GDPR affect me if I am only a “small” online seller?

The GDPR requires each “responsible person” to publish their own Personal Data Protection Policy. Every Seller at DaWanda is obliged to create and share such rules in their shop – small entrepreneurs and hobby craftsmen alike. DaWanda as a platform has its own policy for the protection of personal data. However, it only applies to the data with which DaWanda deals directly. For other data, the exchange of which takes place during the execution of the order and in every step aimed at closing the transaction (also during the response to inquiries and special wishes of clients, issuing invoices, printing a label for a postal order, procedures for processing returns and complaints), the Seller is responsible, and therefore each of our Sellers must define their own Personal Data Protection Policy for their shop. Therefore, the Privacy Policy prepared by DaWanda and that prepared by the Seller will not be identical, but they will complement each other.

What should the Personal Data Protection Policy contain?

The Personal Data Protection Policy is a text similar to the Terms & Conditions and Cancellations & Returns Policy in your shop. The necessary information for the Personal Data Protection Policy can be created on the basis of the GDPR itself. The Personal Data Protection Policy must specify all types of data which the Seller possesses. In addition, for each type of such data, the Seller must specify the purpose of their possession and the manner of use; the manner of use is also the exact time of storage of the information and the right for the buyer (interested person) to have access to said information. We recommend applying for professional consultation, as creating a Personal Data Protection Policy based on the GDPR may be complicated and can lead to the imposition of financial penalties if incorrectly handled.

How to properly protect the personal data you have stored?

The GDPR requires every responsible person to protect the personal data they have stored against access by third parties or sudden unintentional loss. For DaWanda Sellers, this means, at minimum, a secure access to their DaWanda accounts and computer, and regular backup of stored data, including:

  • Creating a strong password to access your DaWanda account.
  • Storing data without access to other people, even family members.
  • Using a strong password to access your computer – but different to that of your DaWanda account.
  • Securing your computer’s hard drive so that in the event of theft, the thief would not have access to the personal data stored on the disk.
  • Regular backup. It is recommended to use an external drive protected with a password and stored in a place other than the computer. In this way, the recovery of customer personal data and transaction history is easy and likely in the event of theft of the computer.
  • Additionally, printed customer data should be properly secured so that in normal circumstances no third parties have access to them (e.g. in a safe or a closed cabinet).

Consider consulting with a lawyer for guidance on how these new rules could directly affect you.

What about the obligation to document?

With the entry into force of the GDPR, the documenting rules also change. Each Dawanda Seller is required to create a document which lists all activities related to the storage of personal data.

The record of your processing activities should contain the following information (among others):

  • name and surname or name and contact details of the administrator and any co-controllers, as well as, where applicable, the representative of the administrator and the data protection officer;
  • processing purposes;
  • description of the categories of data subjects and categories of personal data;
  • the categories of recipients to whom the personal data has been or will be disclosed, including recipients in third countries or in international organizations;
  • where applicable, transfer of personal data to a third country or international organization, including the name of that third country or international organization, and in the case of transfers
  • if possible, scheduled dates for deletion of individual categories of data;
  • if possible, a general description of the technical and organizational security measure.


The record of your processing activities is not identical to the Personal Data Protection Policy. On the one hand, both documents differ in content, on the other, the Records of processing activities do not have to be published in your shop. It rather serves internal documentation and must be available to the relevant administrative authorities on their explicit request. On this basis, the appropriate administrative body may decide whether the Seller is responsible for customer data in an appropriate and compliant manner.

Particularly a general description of the technical and organizational security measures for online sellers is not easy to make due to their strictly technical descriptions. To be on the safe side, please consider consulting with a lawyer for guidance on how these new rules could directly affect you.


Good luck with your GDPR updates,

Your Team DaWanda

If you like this article, bookmark the page or share it with friends:

Post from Emilia Kuerau

write at 30.05.2018 - 10:27.

Category: DaWanda


  1. Jacinta (03.06.18 10:11 Uhr)

    Can you please tell me where sellers are supposed to enter their GDPR policies in their shops? I can’t see anywhere to enter this information on the Edit My Shop page and I can’t find any other relevant page to do this on.

  2. Emilia Kuerau (06.06.18 09:17 Uhr)

    Hello Jacinta,

    Thank you for writing. Please go here to edit Terms & Conditions:

    To edit or add Return Policy go here:

    If you have any further questions, please let us know at sell@dawandamail.com

    Good luck,

    Your Team DaWanda