GDPR checklist for Shopify Stores
Overview
This checklist helps you review the main compliance setup points for a Shopify store using Pandectes GDPR Compliance.
Use it to confirm that your banner, consent model, tracking behavior, privacy pages, customer data request options, and EU withdrawal workflow are configured where needed.
Before you start
Make sure that:
- The Pandectes app is installed.
- The Pandectes app embed is enabled.
- Shopify’s default cookie banner is removed if Pandectes is used as your main banner.
- Your privacy policy and cookie policy pages are ready or planned.
Compliance checklist
Area | What to check | Related guide |
|---|---|---|
Main setup | Confirm the app embed, Shopify Customer Privacy settings, banner setup, and privacy pages are configured. | |
Consent model and regions | Confirm the correct consent model is applied for the regions where your store operates. | |
Automatic blocking | Confirm that scripts, pixels, and iframes are blocked before consent where required and where supported by your setup. | |
Customer data requests | Provide a page where visitors can submit data access, update, export, or deletion requests. | |
Withdraw or change consent | Make sure visitors can reopen the banner or preferences panel and update their consent choices. | Review your banner settings |
EU Withdrawal Button | If your store sells eligible B2C products or services online to EU consumers, review whether you need a digital withdrawal function. |
Key checks
- Cookie consent banner
Confirm that the banner is enabled and shown according to your selected regions and consent model.
- Consent model and regions
For the new banner version, use consent models and regional rules to control how consent is collected in different locations.
- Privacy Policy and Cookie Policy
Add clear links to your privacy policy and cookie information from the banner.
- Customer data requests
Provide a page where customers can submit data-related requests.
- Tracking scripts and cookies
Review tracking scripts, pixels, and iframes. Use automatic blocking where needed so non-essential tracking does not run before consent.
- Withdraw or change consent
Make sure visitors can reopen the banner or preferences panel to update their consent choices.
- EU Withdrawal Button
From 19 June 2026, in-scope online B2C stores selling to EU consumers may need to provide a digital withdrawal function. Pandectes provides an EU Withdrawal Button feature for this workflow.
Notes
Recommended next steps
- Complete the main setup flow: 4 steps to ensure compliance
- Configure regional consent behavior: Consent model and regions for the new banner
- Review script blocking behavior: About automatic blocking
- Review the EU withdrawal workflow if you sell to EU consumers: EU Withdrawal Button
Need help?
If you are unsure whether your setup is correct, contact Pandectes support from inside the app or by email at [email protected].
Updated on: 03/07/2026
Thank you!
