
Who in the EU has heard of GDPR and will it affect you


14steve14


There are 3 things to take into consideration.

One, for the customer account: it can be included inside the core and be modular.

Second, outside the customer account: in this case, it's better to have an add-on that can be downloaded, because there can be some considerations to take into account: use Google Analytics or not, Facebook ... Everything is specific to every shop. I make a contribution available on the forum, tarteauxcitrons, recommended by the French CNIL. This script could be interesting.

Third, allow the administrator to satisfy a customer request.

 


Regards
-----------------------------------------
Loïc

Contact me by skype for business
Contact me @gyakutsuki for an answer on the forum

 

On 8/14/2018 at 10:54 AM, burt said:

I really hope some people are saying things "for effect" rather than for real.

It's all down to interpretation of the law, and until it's challenged in court everyone will be taking a different approach. I doubt if the average small business is going to be able to afford legal counsel like some of the big boys. So advice will be on the safe side just to cover their behinds as always.

It's interesting to note that many of the big corporate businesses have taken a more subtle and low-key approach. Many are simply displaying a simple message on the main page like this.

"This site uses cookies to deliver our services and to show you relevant information and product listings. By using our site, you acknowledge that you have read and understand our Cookie Policy, Privacy Policy, and our Terms of Service. Your use of “Company Name” Products and Services, including the “Company Name” website, is subject to these policies and terms."

and not festooning the sites with tick boxes or warnings.

 


By using our site, ... you have read and understand

I see a lot of that too, but I'm willing to bet someone will challenge that in court as not being explicit permission to gather and store personal information. It's entirely possible that courts will rule that an explicit action (ticking a box, pressing a button, dancing the hootchiecoo) will need to be taken to prove that the shopper accepts the conditions.


True, but it's likely to be interpreted differently in each country and most courts will take a sensible and pragmatic approach to this.

One site I visited recently shows how silly some people are in its interpretation 😂 a simple blog/news site which used to be fine to surf, now you are faced with a blurred homepage and a modal saying you must accept our terms and conditions to use our site!! And unless you accept, you simply can go no further. Talk about ruining a business. I wonder how much they paid for that expert advice. 🤣

Like all these issues there will be a happy middle ground that most will adopt. I have checked with most of the businesses, large or small, both private and government, that I deal with, and so far all have opted to take the softly-softly approach; for now I'm sticking with that approach.

 


My point of view based on limited research! So happy to take (documented) feedback in this matter ...

I have stated before - this all comes down to common sense. If I take a look at the big players in the Netherlands, they did not really change anything major. Some smaller adjustments to Privacy statements but that's about it ... Re-marketing maybe even stronger than before! Using YouTube for videos - Engage through Facebook etc. ... And none of the Big players even bother to give a warning message whatsoever .. Indeed only the known "By using our site, ... you have read and understand " ... Even consent for the Privacy Statement or T&C is not explicitly asked.

There will always be a small group (privacy-activists?) that will question the law - but I doubt they will ever really challenge.

My approach up till now: Implemented @burt modules - of course signed some papers of contractors like Server provider - shipping company etc. - Looked at who uses / has access to our data. But that's about it ... Business as usual.


Well, just booked some tickets for a small vacation and found this on the site 😂 I think if the big boys are happy with this approach then I'm in good company.

It's just a display with no need to press accept, you can just ignore and carry on using the website. It pops up on a number of pages but again no need to do anything, you just carry on using the site.


On 8/16/2018 at 7:08 AM, JcMagpie said:

It's just a display with no need to press accept, you can just ignore and carry on using the website. It pops up on a number of pages but again no need to do anything, you just carry on using the site.

Just a dummy "I accept" button? How long can they get away with this before someone claims in court that this does not, in fact, constitute acceptance of the terms? (they never consented to having their personal information collected) Are you sure that this button has no effect? You've been able to enter personal data, and it's been stored?


55 minutes ago, MrPhil said:

Just a dummy "I accept" button? How long can they get away with this before someone claims in court that this does not, in fact, constitute acceptance of the terms? (they never consented to having their personal information collected) Are you sure that this button has no effect? You've been able to enter personal data, and it's been stored?

Well no, I think you can press the button, but you don't have to and I didn't, and still placed my order without pressing anything or ticking anything. I think BA's legal team are better than anything I could muster so I'm sure they have done their homework.

 


 

Did you know that the phone number and IP cannot be stored? The IP only temporarily and only in conjunction with an order, yes, but the phone number is taboo for general merchants. Unless you have a delivery service.


@Yepi

1 hour ago, Yepi said:

Did you know that the phone number and IP cannot be stored? The IP only temporarily and only in conjunction with an order, yes, but the phone number is taboo for general merchants. Unless you have a delivery service.

Source?


7 hours ago, Yepi said:

 

Did you know that the phone number and IP cannot be stored? The IP only temporarily and only in conjunction with an order, yes, but the phone number is taboo for general merchants. Unless you have a delivery service.

GDPR does not mean that you cannot keep personal data. It means that you have to explain why you need to keep it, how you will keep it, how it will be used, and how long you will keep it. There is also another silly bit of EU rules about VAT MOSS and electronic services, which says that an IP address can be used as one piece of non-conflicting proof to show a customer's location at the time of ordering, so you must be allowed to store and keep it. Again, the phone number can be used if it is a fixed landline. I think those requirements are that information is kept for 6 years. GDPR is all about protecting people's personal data, and transparency about what a business does with that data, which has to be a good thing.

It's not just the silly warnings on the first page load that is GDPR, it's all the changes to the T&Cs and the privacy policy that are needed. Processes within the business have to be applied in how data is stored, what will happen if there is a data breach, and much more. How many people have checked that their hosts are compliant, as they have access to and store all of your data? I bet not many, as many will just assume that they are. How many of us store owners have the facility to contact all of our customers should a data breach occur? Again, not many. Most could use the inbuilt email system, but again, how many would get past their host's email limits and know which ones sent, and which ones didn't?

Gary made many modules to help a business with these rules and regulations, and if you have not purchased them yet, get in touch with @burt

Just as an aside, I got a GDPR email earlier in the week, as the business had just found out about the rules, and they were notifying me about the change in conditions and policies, and also whether I wanted to remain on their mailing list. Only a few months late.

For those that are reading this post, and have yet to fully read about it, there is a shed load and a half of information here. UK site ICO GDPR pages

There will be similar sites for most other countries all you have to do is to find them.

Sorry for the long reply, but some still don't get it.

REMEMBER BACKUP, BACKUP AND BACKUP


3 hours ago, 14steve14 said:

some still don't get it.

Exactly what Steve said.

Just in case, anyone doesn't still realise;

Our German friends have stringent extra data/privacy/info rules that were in place prior to GDPR and they don't seem to understand that the rest of Europe does not have these same rules.

Put as simple as I can;

  • GDPR rules and regs apply to all. 
  • German rules and regs do not apply to all.

14 hours ago, MrPhil said:

Enron had pretty sharp legal and financial teams, too.

😄 Not sure why you bring up Enron! What a morally corrupt company run by crooks has to do with this is anyone's guess. Those types of companies will still exist with or without GDPR.

All I can say is after having visited almost all my main sites such as Phone, Bank, Cable etc., all are taking the soft approach as shown with BA. Only one (Phone company) has chosen to have a must-agree option before they let you use the site. Even that had nothing to do with GDPR, it was about allowing them to show ads 😄

 

 


Those messages are not a lot to do with GDPR, they are more to do with the EU cookie regulations, which were brought in 2011. They gave people the right to choose whether they accepted cookies from the site being placed on their computer. You do not need explicit consent to place cookies on a computer, which is why you can just ignore the tick box and it will go away. By using the site you are agreeing to their use. There is no way that you can find a person's identity from a cookie, unless it is a bad cookie. If you were concerned about them, you would click the policy details and read what cookies are placed on your computer. I take it everyone here knows that you have to list all the cookies that are used on your site in your privacy or cookie policy.

GDPR is a totally different thing, but does sort of encompass a bit about cookies and their use.

 


2 hours ago, JcMagpie said:

Not sure why you bring up Enron!

They are an example of a corporation that thought it had really bright advisors in the legal and financial realm. They thought they could be Masters of the Universe and get away with anything while making boatloads of money. In this one case, they didn't get away with it.


  • 2 months later...

Seen on the 'net. Sing along!

He's making a list,

He's checking it twice,

He's gonna find out who's naughty or nice,

Santa Claus is -- in contravention of article 4 of the General Data Protection Regulation (EU) 2016/679.


I watched it online after you mentioned it. Nothing really new to us, but a look at the young lawyer who drove this thing through, with a discussion of "whose data is it?".

Not GDPR-related, but covering a lot of issues in ecommerce, was a segment yesterday on "Marketplace" (marketplace.org for 2018-11-12) starting at 08:36 and running 4 minutes.

  • 70% of shopping carts are abandoned
  • being hit with unexpected fees late in the process is a big killer
  • need to create an account turns off many shoppers (want guest checkout)
  • many shoppers are so lazy that they can't be bothered to fish out a credit card, and would like to use something like ApplePay, available with one click
  • shoppers want simplified information gathering -- three fields for the phone number is so much work, compared to a single phone field
  • stores need to encourage impulse buying, or most shoppers won't be excited enough to complete the purchase
  • if anticipated delivery time exceeds 48 hours, many shoppers will say "forget it"
  • many online shoppers are not serious about making a purchase, but are in it for the experience
  • suggests a need to discourage coupon use (?? that would seem to discourage buying even further)
  • Amazon Prime effect: need to divert marketing budget from coupons to lower cost/free shipping to attract customers

End Times, anyone?


  • 2 months later...

Interesting article, did not know PCmag was still around!

As many suspected, this was never going to protect people from those that are determined to abuse privacy laws, and many still do.

Spam is as strong as ever, cold calling continues apace and marketing companies have found and exploited loopholes in the regulations.

The number of complaints is a drop in the ocean. Compare the 60k complaints to the billions of data interactions taking place on the internet alone each day.

I'm not sure a 44m fine will make much of an impact on how Google works! A few less bean bags maybe?

The data genie is out of the box and too many people rely on this for generating profits, they will not give up this cash cow just because the EU makes a few regulations.

I imagine they will be spending a lot more than 44m in finding ways to get around the regulations.

You may ask the question: Is GDPR a farce?

https://www.thepotentmix.co.uk/blog/the-farce-that-is-gdpr

 

 


Archived

This topic is now archived and is closed to further replies.
