New General Data Protection Regulation 2018-05-25

[toplakd]

```

My Data Protection Rights

RIGHT TO BE INFORMED

Every user who has registered in our on-line store has the right to find out what information we collect about him and for what purposes. According to this right, you can request a copy of the data we have about you in our on-line store. If you want to be informed , please contact us with click on the button below! Enter "Right to be informed" into Message field and click Send. We will provide you information about your activity as soon as possible or within a month.

I want to be informed

RIGHT OF RECTIFICATION

If you notice that your personal information is incorrect or incomplete, you have the right of rectification or you can update/change you data in the "My Account" category.

To My Account

RIGHT TO ERASURE

As a user of our on-line store, you have every right to request the erasure of your information / account. You can not delete your on-line account before your last order placed is confirmed as delivered. If you want to delete your account and all your information from our on-line store, please contact us with click on the button below! Enter "I want to delete my Account" into Message field and click Send. We will delete all informations about your activity in the shortest possible time or within one month.

I want to delete my account

RIGHT TO OBJECT

We process your information only for processing of your orders and for notifying you about the status of your orders. We do not do direct marketing nor profiling. We do not use your data for research and statistic purposes

RIGHT TO RESTRICT PROCESSING

We process your information only for processing of your orders and for notifying you about the status of your orders.

REVISION OF AUTOMATION

We don't use automated processing or profiling of your personal data.

RIGHT TO DATA PORTABILITY

You can ask us at any time for all the information we have about you in our on-line store. If you would like a transfer your data, please contact us with click on the button below! Enter "I want to download my Data" into Message field and click Send. We will provide you all informations about your activity in the shortest possible time or within one month.

Download my Data

RIGHT OF ACCESS

You can access all the information that we have in our on-line store when you click on "My Account" You can review your stored orders, review or change your addresses and review or change your personal data.

To My Account

```

[toplakd]

Just check the links on the button if you have your instalation in folder. if it's www.yourshop.com will be ok. If it's on www.yourshop.com/store you will have to modify the buttons link

I know it could be made better, but I'm not coder. Just trial & error.

Open your new CMS page, go to Tools/Source code, and paste this into it. Remember you will have to disable General/HTML purifier as otherwise it will not work. Disable it before you copy paste the code.

After that, edit your my-account.tpl file and add a line somewhere between links in "my-account-link-list" Do not forget to change getCMSlink number with the ID number of your CMS page. <li><a href="{$link->getCMSlink(13)}" title="{l s='My Data Protection'}"><i class="icon-file-o"></i><span>{l s='My Data Protection'}</span></a></li>

[toplakd]

Will there be option to disable cookie consent in case it's not needed ?

[30knees]

@toplakd said in New General Data Protection Regulation 2018-05-25:

Just check the links on the button if you have your instalation in folder. if it's www.yourshop.com will be ok.

Works perfectly! Thanks :)

[toplakd]

If you will change the texts, do it in source code, as normal cms editor could break it very quick if not careful. If you will add it to blockmyaccountfooter.tpl than do it with if $is_logged, so it wont be visible in footer for unlogged ones. {if $is_logged} <li><a href="{$link->getCMSLink(13)}" title="{l s='My Data Protection' mod='blockmyaccountfooter'}" rel="nofollow">{l s='My Data Protection' mod='blockmyaccountfooter'}</a></li>{/if} For unregistered it is enough if you show the first CMS page, with all info on one page without links to contact form. http://thbees.alza-racing.net/info/data-protection

[toplakd]

And if you want to style it to your theme, you can do it through global.css

[vincentdenkspel]

@snowycat Alhough your plan is to release the module in the near future it may be still worthwile to create a 'flexible' crowdfunding campaign for the module.

[nickon]

@SnowyCat You are right: The most important thing is to not overcomplicate the UX. Can't wait to test it.

[DRMasterChief]

Hello, the first GDPR panic should be over and as far as i can see, many shopowner are over-doing requirements a bit.

tb should have an focus on:

Conclude it's not really necesarry to have checkboxes for consent on contact form and creating account. As we have discussed before a simple message with link to the pricacy policy is enough.

The GDPR module should contain an option to just put messages for this instead of check-boxes. So everyone is free to choose from checkbox or just the simple message.

Thanks so far, can't wait to see this module :)

[toplakd]

This Is how I have solved it, without any module. Little changed description in CustomerPrivacyblock, plus some small editing in contact-form.tpl. In my-account.tpl I added a link to CMS page with rights, which points customer to contact form with directions what to write when they send a request. I have this since day 1 (25.may) so no one can say I didn't do at least something in this direction.

[DRMasterChief]

Hi @toplakd , yes i am following your ideas and solution. I also have done some simple changes by CMS and/or html, my opinion is that we do not need checkboxes for most (all) of the GDPR things and it is possible to use the standard tools from tb to configure this.

Sometimes a more flexible solution will be fine, so a module can do most of the work for us. But let's see what the next days will bring....

[toplakd]

I checked github and it seems module will have everything needed. With template for each of the rights. So one can nicely adopt it to own theme/needs. Just hoping one would not be able to self delete account with admin aprooval. Admin area wil also have a tab for each right so i assume one would be able to write the texts in backoffice

[Traumflug]

Here's a preview of the admin interface:

I like how one can get through all the topics step by step and each one gets explained!

[toplakd]

Nice for that approach. Exactly what I wanted, that each right is easily modified in the back office within tabs.

[Traumflug]

All the likes I got for the above post deserve to the two developers making this module, of course. Me made just the screenshot.

[Manisch]

@traumflug said in New General Data Protection Regulation 2018-05-25:

All the likes I got for the above post deserve to the two developers making this module, of course. Me made just the screenshot.

[toplakd]

Some copy paste from other forum (ps-german section) - google translate.

The first warnings have become known, These come already from 25.5.2018. Issued warnings so far: 1. Integration of Google Webfonts (linking to Google privacy does not help) 2. Lack of privacy statement (amount in dispute 7500 Euro) 3. Wrong data protection statement (no details of the person responsible for the data protection, lack of indication of the duration of the data storage, assessment basis, purpose of the data collection.) 4. Incorrect integration of Google Analytics (optin, opt out) 5. Using Facebook Like u. Share buttons. 6. Cookies

Installing only the module won't make your site compliant. GDPR Modules are covering just one part of all needed things, no matter which module you install, there are stil steps that you will need to do on your own to be compliant.

[nickon]

@toplakd There will be a lot of issues. eg vodafone.com does not give you the option to opt out google. vodafone.gr does not even state what cookies they use. I dowd that companies this big will not cover their asses. It also makes me wonder why vodafone does not have a unified policy. eg vodafone.de is super analytic. welcome to the gdpr hell....

[toplakd]

It's same here in our country. With preselected options on registration fields, preselected tracking to other websites etc. No data protection by default, it's basicaly stil Tracking by default :)

Big players can afford to make missing changes once needed (fined), small players could not afford to be fined, even minimum. There are some sites that are doing everything needed. But some are just ignorant to everything, as currently in my country there is one institution covering this GDPR with 1 employee for whole country :) So chances for being under revision are minimal. Another story is Germany

Currently no one wants to disable more than neccessary (or disable nothing) until first fines set the standard of what will be looked for and what will be fined.

And installing GDPR module with rights, or establishing CMS with right is one step closer to beeing compliant. Not forgeting the policy pages and Data protection informational pages (who, what for, how long, etc.)

And then you check latimes.com and it's disabled for Europe :)

[nickon]

Hopefully @SnowyCat will release the module before fines are beeing set :-)

[toplakd]

I'm not in big hurry regarding GDPR module, as I do have working (simple) solution from day 1, and its current state (on live page) is way better than what I see at local websites. But will install it once it comes, due to easier managing of rights pages and especialy if it will be able to send requests directly to back office without use of contact form.

[Manisch]

If anyone is giving me a fine, I would write a personal letter to Jan-Philipp Albrecht :D

[nickon]

While waiting for @SnowyCat to complete the gdpr module I was wondering if someone has an opinion on sending emails to customers to leave review of the service/product on our site or an external review site

[Pedalman]

If you are asking for GDPR and customer reviews I strongly suggest to remain technical and on topic. Opinions and law do not fare well together and it would water this good forum. What we need is regular statements from developers so a feeling of trust can build. Concerning your question I know that you will need consent from customer to send her/him a review email. These are not the same as a newsletter. Review emails need consent. Moreover you also need to explain about this in your GDPR CMS. How can you attain consent? Only way at the moment is via double-optin to receive a review email. In order to facilitate this you could best make use of a check button after payment conformation (since so you 'catch' only customers who were willing to buy and go into contract with you).

I was not able to get the technical side of these constraints working on my shop. I am no coder and need help.

[Manisch]

@nickon As far as I know, asking for a review is considered "advertising". So If a customer agreed to receive your newsletter, then it's ok to ask for a review via email - otherwhise it's "spam".

Perhaps you can print some cheap flyers/postcards so you can put in your package to ask for a review. Perhaps you can even combine it with a small piece of chocolate...? (: