
14steve14

  1. From the webinar I took part in, it seems that you need to get explicit consent to store the data. When getting that consent you have to link to your privacy policy, which should detail what you will do with that data once you have it, and how you will protect it. You don't need to ask for consent every time as they have already agreed to how you use it. One idea that was agreed that could eliminate some confusion for customers is to have pop-up boxes when a customer clicks on, say, the email box when creating an account, with a short bit of text as to why you need to give that information. The box would then disappear when they start typing, assuming that they read it. What was stressed as being very important was storing the date that consent was given, which osCommerce could do as it records the date that the account was created. As long as there is a checkbox on that page then all should be fine. There will be a lot more confusion to come yet. It will be good to see what some of the larger websites do.
  2. Gary. If you emailed every one of them and they all asked for proof of your identity before they will let you know, you would regret contacting them all. It would also waste your time.
  3. @MrPhil it's not a case of just moving to the US or somewhere else. It affects everyone that sells to customers in the EU. Moving to the States means you would still need to comply, though how it will be policed and enforced I have no idea. Gary beat me to it. It's another EU fudge up if you ask me. I can see what they are meaning to do, but in true EU fashion they make it too complicated. Just including data that has already been collected made it almost unworkable. If I have to get confirmation from all my customers before I can once again store their data, I will be spending so much time deleting stuff that nothing else will be done. @ArtcoInc As Gary says, that will need to be mentioned in the privacy policy for the site.
  4. You need to let your customers know that you pass on their information to outside sources and need their permission to do so. So not only should it be in your privacy policy, you will also need a tickbox to confirm that you can share it. On the create account page you will also need a tickbox to say that a customer has read and understood not only your t&cs but also the privacy policy. Or that's how I read the regulations.
  5. 28d, 2018

    On the GDPR module. Thinking about when a customer logs in and deletes their data, should a record be kept that remembers the date that the data was removed and who removed it, and how it was removed just in case there was a complaint that an account has been deleted. So something like 19/02/2018 Mr Fred Bloggs asked for removal of data and data was removed by admin or 19/02/2018 Mr Fred Bloggs logged in and deleted data. On a side note. If someone were to phone me up and ask for the removal of their data, or even for a copy of their data, they would need to send proof of identity to show they are who they say they are. It would be against GDPR regulations just to believe a person. This could cause so much extra work for a lot of businesses.
  6. There is an EU site all about these regulations here: https://www.eugdpr.org/eugdpr.org.html. Have a read, there is a lot to take in. GDPR has actually been in place for almost 2 years now; it's only now, at the final time limit to implement it, that it's come to people's attention. Remember that it's up to everyone as a business to find out about law changes that apply to their business. The hardest part I think to comply with will be to make sure that the person that is asking to have their data removed is actually the person the data is about. I have been told that one form of photo ID and a utility bill to prove the address should be enough. I can't see many people that will like sending that to businesses. Which is why I believe that Gary's idea of a page to see what data people are keeping is a good idea. Let people delete their own data, as they should be the only person that should know the password required to get to the data.
  7. GDPR is more about what you do with people's personal data. You have to tell people why you need their data and what you will do with the data. As I see it a guest checkout can be used as long as you let people know what of their data you will keep and why. If you don't keep and store any of their data just let them know that you will only keep info for invoicing and tax reasons. Saying that, I may be totally wrong, but maybe it should be looked into. I would
  8. Hasn't Gary @burt just released something like this in his 28 days of code?
  9. Progress Update

    Two months have passed since the initial posting. Is there any more news as it seems to have gone quiet again.
  10. Whilst it may not be what you are looking for, Google Analytics have lots of information including things like browser and operating system. Hopefully you have added the code to your site already. If not you should.
  11. If you feel that transferring your data from one version to the other is too complicated, then pay someone to do it. That's what I did and it was nowhere near as expensive as I thought it would be. It was also done quickly so the store was not down for long.
  12. Upgrading osCommerce 2.2 RC2a to PHP 5.6

    It's up to you what version you use. Do you want something that is responsive and has new addons being made for it, or do you want something that is old fashioned and has very few new addons being made for it? If you want modern, use the community bootstrap version from GitHub. If you want old fashioned, use the official outdated version available from here. In my view the decision is really easy, and something should be done to remove the confusion you are having. It's a shame that those in charge seem to make promises and do nothing, which is frustrating, but it's their bat and their ball and they can do what they like.
  13. I took part in my webinar on Friday and here are some of the main points that were raised. Apart from what has already been mentioned by some, the main points worthy of getting a mention here are:

      1. You need to keep info about when someone gives consent. Things like the date will suffice, so that if questioned you can show when the consent was given.
      2. Apart from the usual personal data that everyone considered, there are also things like forum nicknames, Facebook and Twitter names, which are all considered personal identifiable data.
      3. Have to remove data when asked, and can no longer charge to give a customer all their info when asked under subject data requests. Days given to produce this information have also been reduced.
      4. The most surprising one, and the one that may be the hardest to sort out. Any personal identifying data already collected also has to comply.
      5. There was some suggestion that some sites are already using tooltip type features when customers fill out any identity data on web forms. So when filling out, say, the email address on the account creation page, a tooltip pops up and explains why the information is needed.
      6. A rewrite of most terms and conditions, privacy policies and cookie policies is needed to account for the new rules and regulations.
      7. Agreement to terms and conditions, and also the privacy policy, should be given somewhere on the site; most suggested when creating an account. If you use a guest checkout you need to do similar.
      8. You also have to let people know what information you will keep even if asked to remove all data, as some has to be kept for legal reasons like tax, accounting and VAT, but once the time limit is up on these you must delete the data. So deleting something like invoice or VAT records after 6 years if you had been asked to delete all personal data for a customer.
      9. Should you find out about a data breach, not only do you have to inform the ICO, you also have to inform all of your customers whose data you are keeping. Some large UK companies have already been fined in accordance with older legislation after a data breach because they had not immediately informed their customers whose data was affected. Those fines will be increased in the future.

      Most of this has been in British law for a while now, but everyone has until 25th May to fully comply. There are loads of good videos on YouTube to watch if people want to. This apparently is only the beginning of a set of major changes that will take place over the next year or so, but some may be changed due to Brexit. It's being done to bring the same features, rules and regulation to all EU countries and anyone that collects any data about any EU citizen.
  14. 28d, 2018

    I have something similar to this on my site. It's an older addon called ask a product question, and it's surprising how many times it gets used. Will try this out later.
  15. Updated Stripe payment module

    @BrockleyJohn My older installation seems to be working fine, it's just that as it's a module developed by Harald, I was sort of hoping that maybe there was just the faintest hope that it may be officially updated, but let's not go there. That's not to be by the looks of things. If I knew what I was doing I would have a stab at it, but that's way above my pay grade.