
osCommerce


Who in the EU has heard of GDPR and will it affect you


14steve14


1 hour ago, yahalimu said:

Hi,

We don't send newsletters/unsolicited emails (as yet), so we have sent out no consent emails. If I did, I would use MailChimp, as we've had issues before with mass emails from the shop getting our IP blacklisted by Gmail, Live and other 'learning' or 'intelligent' spam filters, due to the sheer number of new mails and customers sticking them in their spam folder.

Although many are sending consent emails to everyone in their database, as I read it, customers you have a 'relationship' with (i.e. who order regularly, or at all) do not need to consent to the new privacy policy unless you intend to mail them.

I have put a notification on the login page and added the privacy policy to the MATC tick box.

I have NULL'd all newsletter entries from before 25th May, as the newsletter tick box was previously pre-ticked. Since I un-ticked the newsletter box by default, the rate has dropped from 80% to 7% of customers requesting it.

I've deleted all inactive accounts with no purchases that are older than 5 years, and I email the T&Cs (including the privacy policy) with every order confirmation.

If and when we do decide to mail out newsletters, I will then send all the pre-25th May customers (all 26,000 of them) an email advising them of the new PP (which apparently needs no permission/opt-in); they will then have to opt in to newsletters if they want them, possibly with the bait of a discount code (which seems popular), along with how to delete their account. No real rush till then, I think.

I'm sure someone is going to tell me that's wrong, but after reading all the differing interpretations, those are mine. I think just wait and see how it all rolls out and react accordingly.

If you do not legitimately have customers' consent, which it sounds like you don't, as the box was pre-ticked, you won't be able to email your current customer list. You could have done it before the 25th, but you didn't.

But that is my interpretation of the rules.

REMEMBER BACKUP, BACKUP AND BACKUP

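The two clean-up steps yahalimu describes above (clearing newsletter flags collected through a pre-ticked box before 25 May 2018, and removing accounts older than five years that never ordered) as an added SQL example. This is not code from the thread or from osCommerce itself. The table and column names (customers.customers_newsletter, customers_info.customers_info_date_account_created, orders.customers_id, address_book, customers_basket) are assumed to match a stock osCommerce 2.3 MySQL schema, and the list of child tables that must be cleared is an assumption; check both against your own database before running anything.

```sql
-- Added example; not code from the thread or from osCommerce. Table and column names
-- are assumed to match a stock osCommerce 2.3 schema (MySQL dialect): verify first.
-- Take a full backup before running: the UPDATE and DELETEs below are irreversible.

-- Dry run first: see how many rows each step will touch.
SELECT COUNT(*) AS pre_gdpr_newsletter_flags
  FROM customers c
  JOIN customers_info ci ON ci.customers_info_id = c.customers_id
 WHERE c.customers_newsletter = '1'
   AND ci.customers_info_date_account_created < '2018-05-25';

SELECT COUNT(*) AS inactive_accounts
  FROM customers c
  JOIN customers_info ci ON ci.customers_info_id = c.customers_id
 WHERE ci.customers_info_date_account_created < DATE_SUB(NOW(), INTERVAL 5 YEAR)
   AND NOT EXISTS (SELECT 1 FROM orders o WHERE o.customers_id = c.customers_id);

START TRANSACTION;

-- Step 1: a pre-ticked box is not a valid opt-in, so clear the flag for every
-- account created before 25 May 2018. The poster set the column to NULL; '0' is
-- assumed here to be the "not subscribed" value a stock install writes.
UPDATE customers c
  JOIN customers_info ci ON ci.customers_info_id = c.customers_id
   SET c.customers_newsletter = '0'
 WHERE c.customers_newsletter = '1'
   AND ci.customers_info_date_account_created < '2018-05-25';

-- Step 2: data minimisation. Collect accounts older than five years with no order
-- at all, then remove them and their dependent rows. A stock install has no
-- cascading foreign keys, so each child table is cleared explicitly (the child
-- table list is an assumption; extend it for any add-ons you run).
CREATE TEMPORARY TABLE gdpr_purge (customers_id INT PRIMARY KEY);
INSERT INTO gdpr_purge (customers_id)
SELECT c.customers_id
  FROM customers c
  JOIN customers_info ci ON ci.customers_info_id = c.customers_id
 WHERE ci.customers_info_date_account_created < DATE_SUB(NOW(), INTERVAL 5 YEAR)
   AND NOT EXISTS (SELECT 1 FROM orders o WHERE o.customers_id = c.customers_id);

DELETE FROM address_book     WHERE customers_id      IN (SELECT customers_id FROM gdpr_purge);
DELETE FROM customers_basket WHERE customers_id      IN (SELECT customers_id FROM gdpr_purge);
DELETE FROM customers_info   WHERE customers_info_id IN (SELECT customers_id FROM gdpr_purge);
DELETE FROM customers        WHERE customers_id      IN (SELECT customers_id FROM gdpr_purge);

-- Sanity check before committing: the first dry-run count should now be zero and
-- the purge table's row count should equal the second dry-run count.
SELECT COUNT(*) AS remaining_pre_gdpr_flags
  FROM customers c
  JOIN customers_info ci ON ci.customers_info_id = c.customers_id
 WHERE c.customers_newsletter = '1'
   AND ci.customers_info_date_account_created < '2018-05-25';
SELECT COUNT(*) AS purged_accounts FROM gdpr_purge;

COMMIT;   -- or ROLLBACK if the counts do not match the dry run
DROP TEMPORARY TABLE gdpr_purge;
```

Run the two dry-run SELECTs on their own first and compare the counts with what you expect (the post mentions roughly 26,000 pre-May accounts); only then run the transaction, and keep the backup until the shop has been verified afterwards. Accounts with any order at all are deliberately kept so that order history stays intact.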

Hi,

To send them newsletters or anything they need to consent to yes.

But the GDPR also says it is a requirement to inform all customers of any changes to the privacy policy, whether they are newsletter subscribers or not, and that does not need consent.

This obviously can be at any time.

46 minutes ago, yahalimu said:

Hi,

To send them newsletters or anything, they need to consent, yes.

But the GDPR also says it is a requirement to inform all customers of any changes to the privacy policy, whether they are newsletter subscribers or not, and that does not need consent.

This obviously can be at any time.

As long as you are only emailing those customers about their orders, customer services relating to orders or sales, or policy changes, that's fine. There is something in the regulations about a line between normal transactional emails and marketing emails.

REMEMBER BACKUP, BACKUP AND BACKUP


I don't see anything wrong with having several links to more detailed information (so long as they don't drop their own cookies, etc.). How can you make an informed decision on such things without information? The objection here is that you MUST accept their terms simply to proceed. There does not appear to be any way to use the system without having accepted their terms, which IS contrary to the GDPR and other laws. I suppose they could add something like "If you do not accept these terms, it is not technically possible for you to use our system (it uses cookies, etc.)", but even that may be problematic.


Nah! Not worth the effort. That's just a widget; lots of those have been doing the rounds. I've had loads of telesales bugging me, telling me my site needs them :laugh:. The EU has a help site which gives info on it. Interestingly, they don't require anything that fancy, just yes or no.

http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm#section_5

It's ironic that on their site, to download the Cookie Consent Kit documentation, they ask for your email!!! :laugh:

11 hours ago, wHiTeHaT said:

There are already 3 links in THAT cookie message.
So I do not think that this is the legal way.
Assuming that before I accept anything I would like to read more about their "brands", "learn more", "manage your privacy settings".

Or do I miss the whole thingy here?

100% not legal per the GDPR regulations.

What they say is;

click any link and you have accepted.

But what if I want to view their terms/privacy and then decline?


Just now, wHiTeHaT said:

It is official unofficial

:thumbsup::biggrin: Cool, let's see if we can get people to use it. But I have to be careful; I don't want to upset anyone. So it's only unofficial support. :smile:

  • 3 weeks later...

We did spend quite some time adapting. We bought a GDPR-software which had several templates. Everything from incoming orders, handling, newsletters and storage of data have been described thoroughly. The software certainly made it quicker to become compliant. 


  • 1 month later...

https://www.business2community.com/cybersecurity/gdpr-2-0-comes-to-the-united-states-02092832

GDPR 2.0 Comes to the United States

On June 28 2018, California Governor Jerry Brown signed into law AB 375, the California Consumer Privacy Act (CCPA) of 2018. The statute, seen as one of the toughest privacy laws in the United States, will require companies to tell California residents what information is being collected and how it’s used. You have 18 months to get ready.

For organizations already actively complying with the requirements of the European Union’s General Data Protection Regulation (GDPR), the CCPA will have little impact. You are already doing what you need to do to comply, as the California statute’s intent is very similar to GDPR. The goal of both of these laws — and the Australian Privacy Principles — is to give consumers ownership and control of their personal data. And it provides the legal bite to ensure compliance.

If your US-based organization, however, has not started or believes that the GDPR will not have an impact on your local business, the new law is more than a wake-up call; it’s your fire alarm. And where California goes, many other states will follow.

The new law will more than likely require a thorough review of your data security controls or risk expensive litigation and fines.

Here’s a quick look at the highlights:

  • California’s Attorney General’s office will have the authority to enforce the law when it goes into effect in January 2020.
  • It has provisions for allowing people to tell companies to delete or stop selling their information.
  • The law does not force companies to stop collecting information OR provide provisions for consumers to request companies stop collecting their information.
  • Like the GDPR, the California law has a broad definition of PII (IP addresses, geo-location and browsing info [cookies])
  • The California law has an exception for personal information “de-identified or in the aggregate consumer information;” however, the law doesn’t give much detail on the identifiers that are not subject to scrutiny.
    • Aggregation of information might also be an alternative way for advertisers to ignore the law.

With 18 months to enforcement, companies need to start today. Most companies focused on security and compliance already maintain formalized incident response, disaster recovery/business continuity plans as well as comply with encryption/data anonymization for sensitive data storage and have gone through at least a rudimentary data-mapping process that should easily surpass the California requirements. If that isn’t the case for your organization, implement the GDPR methodologies and processes to comply with the CCPA and you will be set for any eventuality.


Nice! When I first heard about GDPR I was "bloody EU meddling bas---- bureaucrats". Since it came into force, I've got my details removed from numerous sites with no questions asked.

So, good for California. What you guys will see is some resistance from shop owners to the whole idea; then when it comes, these shop owners will realise "hey, that was easy". And when it is in force... most "Joe Average" users will find it useful. And yes, I agree... what one state does... the rest will follow.


Well then, applications such as osCommerce should be GDPR/CCPA ready right out of the box, with all the places explaining what the site does with your data ready to be filled in (or customized), and all the tools in place for customers to make requests and manage their data. Not add-ons -- built right in, as it will be needed almost everywhere.


I don't care what form it takes, so long as it's not something that a store owner has to go looking for and install separately. Turning it on manually is OK, but it has to be built in. Any store software that has it built in is going to have a major advantage over all others where it's an "extra" afterthought, because almost everyone is going to have to use it.


I'm 100% sure that things will be removed from Core, in order to make it:

  1. easier for "Team" (hahaha) to support
  2. easier for coders to code new stuff
  3. easier for shopowners to have a choice of what they want

I can't imagine any scenario where osCommerce gets more things added.

As for GDPR things:

  • There is already a very good GDPR system available for these (as you put them) "business people who don't want to be computer wizards" .

But where would the legal stuff stop? GDPR, taxes, VAT and all the different legal rules from every country; the code would be a nightmare. Maybe there should be a package available for each country, similar to the concept of a language pack, that would include all the legal stuff for that country, all as modules. Each pack could then be maintained by someone with an interest in and knowledge of the laws of that country. Each pack could also contain things like currency setup, date and address layouts, and so much more, but it would take lots of organising and would soon become a headache, and would get left and then become outdated because only a few people would want it, and others couldn't be bothered to update things as needed. It would become a mess like many other add-ons. It would also mean more work altering the core code to allow these things to be added as a package.

The only trouble being this will never happen, as no one can access the core code, and without help Gary can't do everything on his own.

REMEMBER BACKUP, BACKUP AND BACKUP


Politicians flip-flop all the time; it would be a nightmare keeping it up to date with every change! Also, giving legal advice in the core or as an add-on is not wise, as it would open osC to legal complications. It's best people get advice from their own local legal experts so there is no comeback on osC. People should be getting their T&Cs and other stuff legally checked anyway.

I would definitely keep it out of core.

* update *

The recently passed law here in California has this provision:

What “Businesses” Are Covered?

The CCPA broadly applies to “businesses” that operate for-profit and (1) have an annual gross revenue of more than $25 million, (2) buy, receive or share for commercial purposes, or sell, the personal information of 50,000 or more consumers, households, or devices, or (3) derive 50% or more of their annual revenue from selling consumers’ personal information. The CCPA also applies to entities that share common branding with a qualifying “business” and that control or are controlled by that business.

(fwiw)

PS:

Some more "interesting" reading ...

https://digiday.com/media/wtf-california-consumer-privacy-act/
