Don’t worry. It’s no big deal.
So what is the GDPR? Basically it’s the European Union’s General Data Protection Regulation (GDPR) and it came into effect on May 25, 2018.
As a merchant, you are generally the controller of your customers’ data. This means that you collect your customers’ data and choose how it is handled. Additionally, though it is a European regulation, the GDPR might apply to your business if you make goods and services available in Europe, even if you or your business are not located in Europe.
But here’s the key: if you aren’t selling or storing customer data unrelated to your online sales then you’re already compliant. The next step is to delete customer data upon request, however you are entitled to keep records around for some length of time necessary to operate your business, which could be a number of years depending on your tax obligations.
GDPR is a badly written law meant to address large scale data mining. They did not consider the implications for small shops such as yours.