For consumer data protection, the vast majority of SiteBuilder users are best served by setting Account Creation Behavior to Create New User as Customer.
Essent ecommerce platform customers who ship orders to European countries are highly encouraged to configure SiteBuilder™ to help comply with the General Data Protection Regulation (GDPR).
Essent ecommerce platform customers who don’t do business in Europe are also encouraged to use the configuration in the interests of data protection in general.
Within SiteBuilder, edit the site you would like to configure. Open Site Settings, then Site Detail, and then locate the Account Creation Behavior field. For any ecommerce website where the general public can make purchases, the Account Creation Behavior field should be set to Create New User as Customer.
This setting determines how buyers on SiteBuilder ecommerce websites create new accounts, either as individual customers (highly encouraged for most scenarios) or as contacts within an existing customer company.
There are very few and very narrow circumstances, notably with private company stores, where any other setting in this field should be considered. Almost all companies in almost all situations are best served simply by setting the Account Creation Behavior field to Create New User as Customer. In general, this setting should be your default.
The Account Creation Behavior field can also be set to Create New User as Contact, which allows self-service user account creation in cases where a website is private to a specified organization.
The ability to allow a user to establish an account by adding themselves as a new contact to an existing account is natural and preferred functionality of a private corporate procurement website. The behavior allows for teams, departments, or even an entire organization to create their own user accounts. This is preferable, and in some cases mandated, for some corporate buying situations depending on the needs of the buying organization. It is a powerful SiteBuilder option, but it needs to be implemented at the direction of the buying organization and is not safe as a default account creation behavior.
In a shared account configuration, data is shared. If the user is not authorized to see private information, there is a data breach. This would be a data breach punishable under GDPR by a fine up to 4% of the company’s annual income. Companies that do not sell in Europe would not be subject to the GDPR fine, but a data breach would have occurred nonetheless. From a GDPR perspective, this is the wrong configuration for a public website with self-service account creation.
The Create New User as Contact setting is only suitable if:
In short, Create New User as Contact should only be used for private sites where every user is from the same company. If some users are direct employees and other users are contractors, the criteria are not met. If some users are members of one contractor, and other users are members of another contractor, the criteria are not met. If some users are members of a single contractor, but other users are franchisees, the criteria are not met. And so on.
In the vast majority of scenarios, whether governed by GDPR or not, Essent ecommerce platform customers should use Site Settings, then Site Detail, to set the Account Creation Behavior field to Create New User as Customer.