14steve14

Who in the EU has heard of GDPR and will it affect you


3 minutes ago, Dan Cole said:

I'm no lawyer but I'm not sure this is true.   As I understand it, the EU or any country for that matter only has the ability to write laws governing their own people...they can't impose laws or rules on the citizens of other countries nor could they enforce them. 

Dan 

Yes they can and they already did. Take a look at the VAT rules if you sell digital services or digital goods into the EU. You would have to register with one EU country for VAT MOSS and report, for every tax rate in every EU country, how much VAT you added while selling to an EU customer.

Sure, what the EU can do regarding non-EU businesses not doing as regulated by the EU is limited.


Need an easy base to start creating Oscommerce Modules?
https://oscompose.com/ (Forum Thread about OsCompose)

 

12 minutes ago, Dan Cole said:

I'm no lawyer but I'm not sure this is true.   As I understand it, the EU or any country for that matter only has the ability to write laws governing their own people...they can't impose laws or rules on the citizens of other countries nor could they enforce them. 

Dan 

It's true Dan.  

https://www.forbes.com/sites/forbestechcouncil/2017/12/04/yes-the-gdpr-will-affect-your-u-s-based-business/#607bdeae6ff2

The link also clearly states that my previous post is incorrect. 
If some random French guy buys from you while he is outside the EU, GDPR does not apply. 
I guess:  collect the IP address to prove it.

Quote

Accepting currency of that country and having a domain suffix -- say a U.S. website that can be reached with a .nl  from the Netherlands -- would certainly seal the case.

That is super interesting.  Do you accept Euro or GBP on your site(s) ?  Yikes.

Quote

This can get more complicated when a customer signs up for a service or buys something. The vendor will need to obtain explicit permission for each type of processing done on the personal data (i.e., email promotions or sharing with third-party affiliates will have separate checkboxes).

Sounds like a separate checkbox needed for all external stuff;

[ ] can we mailchimp you
[ ] can we use Paypal
[ ] can we Maxmind
[ ] can we blah blah

Edited by burt

This is a signature that appears on all my posts.  
IF YOU MAKE A POST REQUESTING HELP...please state the exact version
of osCommerce that you are using. THANKS

 
Get the latest current code (community-supported responsive 2.3.4.1BS Edge) here

 

9 minutes ago, MrPhil said:

Can you imagine if even a small percentage of people in the EU suddenly demand that all their forum/blog posts, reviews, endorsements, tweets, etc. be immediately deleted? It will be chaos, but the GDPR says they can. Can you imagine having to ask people for permission to pass their shipping address on to the Post Office or shipping company? The intent (to protect privacy) is noble, but the execution is seriously flawed. It's one thing to implement reasonable data protection and privacy rules, but the GDPR goes beyond the Pale.

Maybe that is what we EU citizens should do. Use the system and request data 24/7 until it becomes clear that it is stupid :)


1 minute ago, Stephan Gebbers said:

Maybe that is what we EU citizens should do. Use the system and request data 24/7 until it becomes clear that it is stupid :)

I can tell you now, that I will be causing so much trouble to every site I ever signed up to...

Maybe we all should ?


1 minute ago, burt said:

I can tell you now, that I will be causing so much trouble to every site I ever signed up to...

Maybe we all should ?

Sure, but no osCommerce stores ;)


6 hours ago, burt said:

It would be really cool if you emailed these two companies, asking for their advice...
When/if you get a reply post it back to this thread...

I *guess* you will need to have extra tickboxes asking for customers permission to send some details to maxmind/fraudlabs.
What customer details are sent?  I have never used either of these, so I don't know...

I just contacted MaxMind with a request about how they are prepared for GDPR (DSGVO in Germany). They are on it and plan to be ready in Q1, they say. And if I have any specific questions I can send my questions to their support.

 

Edited by Stephan Gebbers

12 minutes ago, burt said:

It's true Dan.  

I'm not convinced....I would love to see an article addressing the legal aspects of it, especially one written by an authority outside the EU.  Fortunately I don't sell or ship anything outside of Canada or the US so I don't have to worry about it.

Dan

1 hour ago, burt said:

I can tell you now, that I will be causing so much trouble to every site I ever signed up to...

Maybe we all should ?

Gary. If you emailed every one of them and they all asked for proof of your identity before they will let you know you would regret contacting them all. It would also waste your time.


REMEMBER BACKUP, BACKUP AND BACKUP

Before installing the official version of oscommerce first look at a responsive version here

It's very easy to over complicate what are simple things in life


I did a little more research and it looks like there is an agreement between the EU and US which might account for the EU's overreach on this.  I also noted that the US has complicated matters further by imposing obligations and sanctions for failing to preserve certain electronic data.  Looks like this is getting to be a fairly complicated issue and it'll be interesting to see how this all plays out.   

https://www.inta.org/Advocacy/Documents/2017/Article - Compliance with the EU_S General Data Protection Regulation and US Discovery Law.pdf

Dan

Edited by Dan Cole
link added.


From the webinar I took part in, it seems that you need to get explicit consent to store the data. When getting that consent you have to link to your privacy policy which should detail what you will do with that data once you have it, and how you will protect it. You don't need to ask for consent every time as they have already agreed to how you use it.

One idea that was agreed that could eliminate some confusion for customers is to have pop-up boxes when a customer clicks on, say, the email box when creating an account, with a short bit of text as to why you need to give that information. The box would then disappear when they start typing, assuming that they read it. What was stressed as being very important was storing the date that consent was given, which osCommerce could do as it records the date that the account was created. As long as there is a checkbox on that page then all should be fine.

There will be a lot more confusion to come yet. It will be good to see what some of the larger websites do.


12 hours ago, 14steve14 said:

Gary. If you emailed every one of them and they all asked for proof of your identity before they will let you know you would regret contacting them all. It would also waste your time.

It was a bit tongue-in-cheek.  Although I do get a lot of spam mail from one particular place I signed up to, so hopefully I can stop that.



Hi,

Is using Google Analytics module in osC considered GDPR's definition of profiling using personal information ?

Thanks in advance for your input.

Eddy

7 hours ago, Moxamint said:

Hi,

Is using Google Analytics module in osC considered GDPR's definition of profiling using personal information ?

Thanks in advance for your input.

Eddy

I don't use GA so I don't know the answer...

But, what customer data is sent to the Google Servers?  If you can find that out, we can at least make an educated guess.



The Google Analytics data doesn't contain any personal data, but you can figure out who some people are with transactions. 


I'm not really a dog.


If ... you are a store owner, anywhere in the world, and are running the community version of osC (Gold or Edge) ...

I strongly urge you to sign up for the 28-days code bundle that @burt has here:

The GDPR modules alone (days 16, 18, and 24) are worth the price of admission!

(plus, you'd be helping with the development of the software that you are using to run your businesses)

Malcolm

 


If you are running the "official" osC 2.3.4 or 2.3.4.1 download, your installation is obsolete! Get the latest community-supported responsive "Edge" release here


*** update ***

@burt has added two additional bonus GDPR modules to his 28-days bundle (as well as some other additional bonuses), making this bundle even more valuable! It's not too late to: 1) get these GDPR modules for your store, and 2) help support and move osCommerce to the next level!

Malcolm



GDPR modules

Thinking about GDPR some more and looking at some of the modules Gary has created, I was thinking about the contact us form. Should there be a box warning or consent check box on that page as the name, email and possibly phone number could be kept for future contact. The same sort of thing with the product notification page.

Not too sure both pages have been set up to allow modules to be added to them, but should something be done just to cover business owners.


On 3/9/2018 at 9:37 AM, 14steve14 said:

GDPR modules

Thinking about GDPR some more and looking at some of the modules Gary has created, I was thinking about the contact us form. Should there be a box warning or consent check box on that page as the name, email and possibly phone number could be kept for future contact. The same sort of thing with the product notification page.

Not too sure both pages have been set up to allow modules to be added to them, but should something be done just to cover business owners.

Hoping that [sooner rather than later], these sorts of ideas will come up for discussion and then whatever is decided needs doing...can be coded up in time for the GDPR start date.  



PS: split the last two posts off and into this thread as this thread is the more important (and visible) thread.  Hope that's OK @14steve14


On 2/27/2018 at 3:38 PM, John W said:

The Google Analytics data doesn't contain any personal data, but you can figure out who some people are with transactions. 

IP address ?



No, it doesn't give IP info, but you can track order ID numbers.  It does have session tracking where you can see people over multiple sessions and their paths and actions.  Also shows search terms they choose.  All anonymous data though.  



Hi all,

We definitely need an anonymity process in the admin backup download process and in account delete requests. I think that the best would be a database field selector where we could select the relevant fields to clear. There would be an admin setup page, and this rules table could be used in the account anonymity or special database export process.

As a developer I don't want to be in a personal data incident when I use a client's database in my development environment. So I started to develop an admin security module for the v2.3.4 core.

Why an admin setup page?

Because there are different database installations everywhere, so we don't have general rules to do it safely.

First list of sensitive fields

{
  "action_recorder": ["user_name", "identifier"],
  "address_book": ["entry_firstname", "entry_lastname", "entry_street_address"],
  "customers": ["customers_firstname", "customers_lastname", "customers_email_address"],
  "orders": ["customers_name", "customers_street_address", "customers_email_address", "delivery_name", "delivery_street_address", "billing_name", "billing_street_address"],
  "orders_status_history": ["comments"],
  "reviews": ["customers_name"]
}

 

Edited by tgely
post extend

:blink:


Datatable field selector page is ready. Now I am working on field rule selectors and research. I will push it to GitHub later.

Required anonymity rules of sensitive fields

rename,  delete,  change

Names - anonim name rule
Don Joe -> anonim
Street address -> anonim

Email - anonim provider rule
don.joe@gmail.com -> anonim@gmail.com (we can touch the email provider for stats later)

Birthday - anonim date rule
1992-02-18 -> reset to year first day value (1992-01-01)

IP address - anonim regio rule
192.168.1.1 -> 192.0.0.0 (keep the main interval for stats)

What else?
Please, if you have any ideas, post here.


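The four anonymization rules listed in the post above, applied through a per-table field map, as an added example (not tgely's module or osCommerce code). The `customers_dob` column and the `visit_log.ip_address` table and column are assumptions, since the post's field list has no date or IP field, and the sample row is constructed.

```python
import ipaddress
from datetime import date

# One function per rule from the post; malformed input is fully redacted.
def rule_name(value):
    return "anonim"

def rule_email(value):
    # Keep only the provider: don.joe@gmail.com -> anonim@gmail.com
    local, sep, domain = value.rpartition("@")
    return f"anonim@{domain.lower()}" if sep and local and domain else "anonim"

def rule_date(value):
    # Reset to the first day of the year: 1992-02-18 -> 1992-01-01
    try:
        return date.fromisoformat(value[:10]).replace(month=1, day=1).isoformat()
    except ValueError:
        return None

def rule_ip(value):
    # Keep only the first octet: 192.168.1.1 -> 192.0.0.0 (IPv4, as in the post)
    try:
        addr = ipaddress.IPv4Address(value)
    except ValueError:
        return "0.0.0.0"
    return str(ipaddress.ip_network(f"{addr}/8", strict=False).network_address)

# table -> field -> rule; names are from the post's list unless marked assumed.
RULES = {
    "customers": {
        "customers_firstname": rule_name,
        "customers_lastname": rule_name,
        "customers_email_address": rule_email,
        "customers_dob": rule_date,          # assumed column, not in the post's list
    },
    "visit_log": {"ip_address": rule_ip},    # hypothetical table and column
}

def anonymize_row(table, row):
    """Return a copy of row with each configured, non-NULL field rewritten."""
    rules = RULES.get(table, {})
    return {k: rules[k](v) if k in rules and v is not None else v
            for k, v in row.items()}

if __name__ == "__main__":
    sample = {"customers_firstname": "Don", "customers_dob": "1992-02-18 00:00:00",
              "customers_email_address": "don.joe@gmail.com"}  # constructed row
    print(anonymize_row("customers", sample))
```

The provider rule leaves the full domain in place, so an address on a personal or company domain can still point to one person.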

GDPR modules, setup and backup functionality are ready, so there is an easy way to develop a customer GDPR-compatible anonymity account module.

 

GDPR_setup.PNG

gdpr_modules.PNG

