What To Do
For consumer data protection, the vast majority of SiteBuilder users are best served by setting Account Creation Behavior to Create New User as Customer.
- Within SiteBuilder, open the specific site.
- Within the specific site, open Site Settings.
- Within Site Settings, use Site Detail.
- Within Site Detail, use the Account Creation Behavior field.
- Set the Account Creation Behavior field to Create New User as Customer.
Essent ecommerce platform customers who ship orders to European countries are highly encouraged to configure SiteBuilder™ to help comply with the General Data Protection Regulation (GDPR).
Essent ecommerce platform customers who don’t do business in Europe are also encouraged to use the configuration in the interests of data protection in general.
Within SiteBuilder, edit the site you would like to configure. Open Site Settings, then Site Detail, and then locate the Account Creation Behavior field. For any ecommerce website where the general public can make purchases the Account Creation Behavior field should be set to Create New User as Customer.
This setting determines how buyers on SiteBuilder ecommerce websites create new accounts, either as individual customers (highly encouraged for most scenarios) or as contacts within an existing customer company.
There are very few and very narrow circumstances, notably with private company stores, where any other setting in this field should be considered. Almost all companies in almost all situations are best served simply to set the Account Creation Behavior field to Create New User. In general, this setting should be your default.
The Account Creation Behavior field can also be set to Create New User as Contact allowing for self-service user account creation for cases where a website is private for a specified organization.
The ability to allow a user to establish an account by adding themselves as a new contact to an existing account is natural and preferred functionality of a private corporate procurement website. The behavior allows for teams, departments, or even an entire organization to create their own user accounts. This is preferable, and in some cases mandated, for some corporate buying situations depending on the needs of the buying organization. It is a powerful SiteBuilder option, but it needs to be implemented at the direction of the buying organization and is not safe as a default account creation behavior.
In a shared account configuration, data is shared. If the user is not authorized to see private information there is a data breach. This would be a data breach punishable under GDPR by a fine up to 4% of the company’s annual income. Companies that do not sell in Europe would not be subject to the GDPR fine, but a data breach would have occurred nonetheless. From a GDPR perspective this is the wrong configuration for a public website with self-service account creation.
The Create New User as Contact setting, is only suitable if:
- Every site user is a direct employee of the seller (where the seller must have W2 form or the local equivalent thereof from the Customer specified in the setting)
- Every site user is of the same contractor company (where the seller must have a 1099 form or the local equivalent thereof from the Customer specified in the setting)
- Every site user is a franchisee of the same franchise (where the direct employer must have a signed franchise agreement with the Customer specified in the setting)
In short, Create New User as Contact should only be used for private sites where every user is from the same company. If some users are direct employees and other users are contractors, the criteria are not met. If some users are members of one contractor, and other users are members of another contractor, the criteria are not met. If some users are members of a single contractor, but other users are franchisees, the criteria are not met. And so on.
In the vast majority of scenarios, whether governed by GDPR or not, Essent ecommerce platform customers should use Site Settings then Site Detail to set the Account Creation Behavior field to Create User As New Customer.