Articles on: Getting Started

GDPR checklist for Shopify Stores

Overview


This checklist helps you review the main compliance setup points for a Shopify store using Pandectes GDPR Compliance.


Use it to confirm that your banner, consent model, tracking behavior, privacy pages, customer data request options, and EU withdrawal workflow are configured where needed.


Before you start


Make sure that:


  • The Pandectes app is installed.
  • The Pandectes app embed is enabled.
  • Shopify’s default cookie banner is removed if Pandectes is used as your main banner.
  • Your privacy policy and cookie policy pages are ready or planned.


Compliance checklist


Area

What to check

Related guide

Main setup

Confirm the app embed, Shopify Customer Privacy settings, banner setup, and privacy pages are configured.

4 steps to ensure compliance

Consent model and regions

Confirm the correct consent model is applied for the regions where your store operates.

Consent model and regions for the new banner

Automatic blocking

Confirm that scripts, pixels, and iframes are blocked before consent where required and where supported by your setup.

About automatic blocking

Customer data requests

Provide a page where visitors can submit data access, update, export, or deletion requests.

Customer data requests guide

Withdraw or change consent

Make sure visitors can reopen the banner or preferences panel and update their consent choices.

Review your banner settings

EU Withdrawal Button

If your store sells eligible B2C products or services online to EU consumers, review whether you need a digital withdrawal function.

EU Withdrawal Button


Key checks


  • Cookie consent banner

Confirm that the banner is enabled and shown according to your selected regions and consent model.


  • Consent model and regions

For the new banner version, use consent models and regional rules to control how consent is collected in different locations.


  • Privacy Policy and Cookie Policy

Add clear links to your privacy policy and cookie information from the banner.


  • Customer data requests

Provide a page where customers can submit data-related requests.


  • Tracking scripts and cookies

Review tracking scripts, pixels, and iframes. Use automatic blocking where needed so non-essential tracking does not run before consent.


  • Withdraw or change consent

Make sure visitors can reopen the banner or preferences panel to update their consent choices.


  • EU Withdrawal Button

From 19 June 2026, in-scope online B2C stores selling to EU consumers may need to provide a digital withdrawal function. Pandectes provides an EU Withdrawal Button feature for this workflow.


Notes


This checklist is a technical setup guide. It does not replace legal advice.


Some tracking tools may require additional setup depending on how they are installed on your store.


If you use the new Pandectes banner, configure consent behavior through consent models and regional rules instead of legacy banner types.


The EU Withdrawal Button is available on Premium and Enterprise plans. Review this feature if your store sells eligible products or services to EU consumers. The requirement applies from June 2026 for in-scope online B2C contracts.



  1. Complete the main setup flow: 4 steps to ensure compliance
  2. Configure regional consent behavior: Consent model and regions for the new banner
  3. Review script blocking behavior: About automatic blocking
  4. Review the EU withdrawal workflow if you sell to EU consumers: EU Withdrawal Button


Need help?


If you are unsure whether your setup is correct, contact Pandectes support from inside the app or by email at [email protected].

Updated on: 03/07/2026

Was this article helpful?

Share your feedback

Cancel

Thank you!