burt

Here is the next part of the Puzzle. 0:00 Donald Duck makes an account using create_account.php on this page there is a MATC checkbox that MUST be ticked to allow the account to be created also two modals, one for privacy, one for terms Donald agrees and sets up an account. 0:36 Donald now goes to account.php and clicks to get to the GDPR page 0:44 Donald now sees everything the site knows about him of particular interest is SITE ACTIONS, where shopowner has stored the fact that Donald signed up *and* agreed to T&C/Privacy In the Database, shopowner has also stored the details; 1:03 Donald now checks out. 1:24 Donald hits checkout_confirmation.php on this page there is a MATC checkbox that MUST be ticked to allow the order to be processed also two modals, one for privacy, one for terms Donald agrees and completes his Order 2:04 Donald now goes back to GDPR page of particular interest is SITE ACTIONS, where shopowner has stored the fact that Donald agreed to his details being passed to external companies In the Database, shopowner has also stored the details;

Updated "IP Address" module has just been emailed. Thank You. And, FAIR WARN; Price of 28d package has been the same for the last 5 months. I'm increasing the price on Saturday 26th

Dead? It's at a place I am mostly happy with; php7, a bit modular, responsive etc. Good Luck to all Shopowners.

Updated "Contact Details" module has just been emailed. Thank You.

I'd say in two places; create_account.php a. records the customer signed up on X date at X time and that he says he has read your Terms/Privacy policies b. It also appears that best practice is to store the exact terms/privacy that the client signed up to. checkout_confirmation.php a. records the customer giving her permission for you to possibly divulge some of her details to external companies - payment processor, mail delivery, perhaps other things ? For #2 I say checkout_confirmation as that is the last page in the checkout procedure prior to the order being placed - I think we all agree that consent must come before the order is placed. I place it on that page also because by the time this page is reached...buyer has already made the buying decision so 1 extra tickbox here is not a deal breaker..

Updates to come prior to 25th, all of which have been pointed out by users; Missing "Telephone" in gdpr_contact_details [emailed 9:55 on 21.05] Include stored IP addresses from action_recorder table in gdpr_ip_addresses [emailed 11:50 on 22.05] There will also be updates to add in more anonymize/delete buttons as well. I am also working out some logic to have a system of checkboxes which will allow shopowner to record consent... <--- I will need a guinea-pig for that if possible please...

Thank you to all for testing. This code is now in 2341CE (aka Frozen).

https://github.com/gburton/Responsive-osCommerce/releases/tag/2341-Frozen There will be no further Code Changes. Issues will be immediately closed. What is broken, stays broken. PRs will be immediately closed. What is now there, is there. Thank You to all Shopowners and Developers who have supported the Project in the last 4 and a bit years. Personal Thanks go out to all those Shopowners who were able to support my 28d bits and pieces for 3 of those 4 years - it is you guys who have made it possible for the hundreds of other Shopowners to continue using osCommerce. A big Thank You and from me, I will not leave you guys high and dry - you have my support always, we are a Band Of Brothers. Onwards!

Any responsive site now has another advantage over a non-responsive site.

@14steve14 Obviously with a backup done first!! This first query is the "Master Blaster"... delete from customers where customers_id not in (select customers_id from orders) and customers_newsletter = 0 that will remove all customers that have never made an order AND are not a subscriber. You then need to clean out other tables, and we know that any ID that does not exist in the customers table, should not exist anywhere else; delete from action_recorder where user_id NOT IN (select customers_id from customers); delete from address_book where customers_id NOT IN (select customers_id from customers); delete from customers_basket where customers_id NOT IN (select customers_id from customers); delete from customers_basket_attributes where customers_id NOT IN (select customers_id from customers); delete from customers_info where customers_info_id NOT IN (select customers_id from customers); delete from products_notifications where customers_id NOT IN (select customers_id from customers); delete from whos_online where customer_id NOT IN (select customers_id from customers); delete from reviews where customer_id NOT IN (select customers_id from customers); delete from reviews_description where reviews_id NOT IN (select reviews_id from reviews); And that should do it. But all of this is UNTESTED...

Good catch, yes I think it does. I'm still going to remove it though, one less thing to load each page.

Thank you all for testing. Another bonus to this new system is that the page loads faster as it does not need to pull in this file; https://github.com/gburton/Responsive-osCommerce/blob/master/ext/jquery/cookie.js This is only a small file, admittedly. But it is an extra request that has to be performed. 1 less request = faster page.

Part of the GDPR list of to-do's is "Data Portability". If a customer asks shopowner for a portable copy of his/her data, you must action this within 30 days. I guesstimate that collating all the data is going to take around 30 minutes for an experienced [knows a bit of osc, the database, where to find the data] shopowner to a couple of hours for an inexperienced shopowner... Now, let us imagine that at the start of the GDPR Era, customers of shops go mad for wanting their data, and you get 4 requests per week for customer data. At the least this is TWO HOURS of wasted time! With the latest Mod (which everyone does now have)...all you have to do when you get such a request; Now instead of taking 2 hours to do 4 of these customers each week, it'll take you 30 seconds to ask them to login and download their data Let us say that instead of 4 per week, you get 4 per day (this is not outside the realms of possibility) as the whole of Europe now has access to their data ...and that would be at least hours out of each week. In My Opinion Module pays for itself after the first couple of Data requests Upcoming I still have a couple more pieces of the GDPR jigsaw puzzle to come, and these will come before the 25th. I want to try to help to smooth what could be a rough time for us all.

The main reason I would like to use this new code is to dump this Cookie that the grid_list uses. If we can dump that Cookie, shopowners may no longer have to ask people to accept Cookies as all the Cookies in the Edge download are then absolutely required for it to perform its primary function => allow shoppers to buy your stuff. Please feel free to have your say on that.

It does now. Test?