A popular webshop extension for Joomla is VirtueMart. With a webshop you need to store personal information like name, address for legal obigations (invoices) and to fullfill your contract (the order).
This component has been available since 2005. It is a highly configurable and customizable multi-language shopping cart solution for Joomla 2.5 and Joomla 3.
Virtuemart and GDPR
Interesting discussion about what to consider / change in Virtuemart:
For security reasons (to protect possible personal data on invoices), it is advised to put the invoices folder outside the webroot of the website. You can configure the folder ("Safe path") that VirtueMart uses for storing invoices and downloadable files. You should specify that folder in the Virtuemart configuration:
VM Configuration > Templates > Media File Settings
Visit the Virtuemart documentation for more information.
General tips for webshops
- use SSL for your website so that all communication is transported through a secured line
- inform your visitors and customers about cookies
- only collect necessary data
- check for payment providers - they are processors and you need processor contracts with them
- inform what data is stored and how long
- if you store IP-address inform people