GDPR Compliance in CS-Cart and Multi-Vendor

The add-on will provide the tool: 1. Ask for consent

That's great, but it only affects customers who register a new account. Customers who already have an account must also agree with the terms.
I have to write to all customers and ask them to agree to the new privacy policy, set a deadline, and delete the data of those who have not consented by that time. The add-on does not offer a solution for this yet.

This is something I've actually mentioned to them. Maybe Ilya can clarify this.
Either way, I think you have to send your customers a mail anyhow. You have to get consent from them to send that mail after 24th of May though ;)
The GDPR also applies to invoicing/accountancy software you might be using, external accountants handling their information, etc.

Thank you for the clarification.

If we make a mistake, which normally does not happen, we are always happy to take care of it.

Next we will update our Privacy page and then we should be fine.

Keep in mind though that if you sell to EU Customers (not companies) you still have to be GDPR-ready and ask your customers for consent on all things where you store their information. If you work with a 3rd party accountant you have to inform your customers in the privacy policy.
/offtopic out of curiosity, what custom items are you making for your EU customers? :)

We make clothes and have less than 1% of our customers in the EU; one sale every two months to the EU?

We have a check box at the checkout so we will update that.

We don't currently have a newsletter but I will make it double opt-in when we do.

We do not use social media or external accountants.

We use Stripe and Paypal and never see customer payment information.

We store measurements on paper and in emails and in our CS-Cart database - that is it.

Cool.

You have to inform them that their information is stored in CS-Cart, (some) information in Stripe and Paypal, and have to inform them how your e-mail is handled: local server, on the webserver or Google Apps/Exchange, stuff like that.
Also who handles the website: local/self-hosted server or hosting company. You also have to inform them who internally is responsible for their data, who they can contact if they want it deleted/anonymized and what the steps are to do that. You also have to have a Data Emergency Plan (not sure if that's the actual English title), that is, what the internal steps are if there is a data leak. You don't have to make that public though, but just mention you have that.

Thanks again

Our email is just basic Gmail.

We have our own server in America.

They can contact our customer service email for any question.

Data plan - hmm - never have had a problem but my plan is to ask our server host for help - not sure what else could be done.

I shall update our terms and privacy page etc.

Maybe in the future we will have more EU customers... so good to be prepared

The current GDPR plugin is NOT multi-store able. It should be, since based on the store, information can be different. I have a customer running Zoho mail for most of the shops but a local server for another.


The support of multiple storefronts is planned, along with a couple of other improvements. Please refer to this post for our plans on the GDPR add-on.

Well, I can report my first bug with the GDPR addon. In the customer area where as store admin I can amend data related to my customer there is now a tab called GDPR user data. I cannot however manipulate any data under this tab.

As for my own test dummy account I have with my store, I get the following error thrown at me via the admin panel:

Tygh\Exceptions\AException

Message

Unknown column 'cscart_subscribers.lang_code' in 'field list' (1054)

SELECT cscart_subscribers.subscriber_id, cscart_subscribers.email, cscart_subscribers.timestamp, cscart_subscribers.subscriber_id, cscart_subscribers.lang_code FROM cscart_subscribers LEFT JOIN cscart_user_mailing_lists ON cscart_user_mailing_lists.subscriber_id = cscart_subscribers.subscriber_id WHERE 1 AND cscart_subscribers.email LIKE '%g.a.katgert@gmail.com%' GROUP BY cscart_subscribers.subscriber_id ORDER BY cscart_subscribers.timestamp desc

Error at

app/Tygh/Database/Connection.php, line: 1122

Will there soon be a bug fix for this?

Well, I can report my first bug with the GDPR addon. In the customer area where as store admin I can amend data related to my customer there is now a tab called GDPR user data. I cannot however manipulate any data under this tab.


Do you mean the GDPR user data tab in the admin panel on the customer editing page? If so, then it's not a bug; that tab helps administrators to review all the data they have on a customer, and the sources where that data came from. That way administrators know what sort of data they'd be exporting to XML files or anonymizing on customer's request.

As for my own test dummy account I have with my store, I get the following error thrown at me via the admin panel:


Does this issue also occur at http://demo.cs-cart.com? If so, please post instructions on how to reproduce it on the bug tracker. Otherwise, it may be better for our specialists to investigate this problem directly in your store. For that, please contact our technical support via Help Desk.

According to GDPR you have to offer your visitors the possibility to enable and disable some kinds of cookies that you use on your store.

There is no option in this module to:

Visitors can turn on/off cookies from these cookie providers:

Google Analytics
Google AdWords
Facebook Pixel

For Example:

https://preview.ibb.co/dxrvwT/gdpr_coockies.jpg

WHAT HAS TO CHANGE?
The users must have a choice. The fact that they use a website does not mean they agree to all cookies. The type of phrase used at the moment is barely informative enough and it certainly doesn’t give a choice. A website owner will not be able to constrict users to accept cookies in exchange for information.
Like all other consent under the GDPR, consenting to cookies needs to be a clear affirmative action. An example is clicking through an opt-in box or choosing settings from the menu. Pay attention to not have pre-ticked boxes on the consent form!

Let’s not forget about opt-out. The GDPR clearly states that a data subject should be able to withdraw consent as easily as they gave it. With cookies this will generally mean that they should be able to revoke consent through the same action as when they gave consent. For example, if they consented by clicking through some boxes, they have to be able to find the same form to revoke consent.
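
The consent rules quoted above (nothing pre-ticked, consent only by an explicit action, withdrawal through the same control), sketched as an added example that is not part of the original post or of the CS-Cart GDPR add-on. The provider keys and the `v1:<json>` storage format are assumptions; in a browser the raw value would come from a first-party cookie or localStorage.

```javascript
// Added example: consent state for the three trackers named in the post.
// PROVIDERS keys and the "v1:<json>" stored format are assumptions.
const PROVIDERS = ["google_analytics", "google_adwords", "facebook_pixel"];
const VERSION = "v1";

// Every provider starts OFF: no pre-ticked boxes.
function defaultConsent() {
  return Object.fromEntries(PROVIDERS.map((p) => [p, false]));
}

// Parse a stored consent value; anything malformed falls back to all-off.
function parseConsent(raw) {
  const state = defaultConsent();
  if (typeof raw !== "string" || !raw.startsWith(VERSION + ":")) return state;
  let data;
  try {
    data = JSON.parse(raw.slice(VERSION.length + 1));
  } catch (e) {
    return state;
  }
  if (data === null || typeof data !== "object") return state;
  for (const p of PROVIDERS) {
    // Only a literal `true` counts as consent; unknown keys are ignored.
    if (data[p] === true) state[p] = true;
  }
  return state;
}

function serializeConsent(state) {
  return VERSION + ":" + JSON.stringify(state);
}

// One function handles both opt-in and opt-out, so withdrawing consent
// is exactly as easy as giving it.
function setConsent(raw, provider, granted) {
  if (!PROVIDERS.includes(provider)) throw new Error("unknown provider");
  const state = parseConsent(raw);
  state[provider] = granted === true;
  return serializeConsent(state);
}

// Which tracker scripts may be loaded for this visitor right now.
function allowedProviders(raw) {
  return PROVIDERS.filter((p) => parseConsent(raw)[p]);
}
```

A page would call `allowedProviders()` before injecting any tracker script, and call it again after each `setConsent()` to decide which tags to load or stop loading.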

That's right.