Meet Cs-Cart And Multi-Vendor 4.7.4 With Gdpr Support



Hello!

We have released CS-Cart & Multi-Vendor 4.7.4. The main reason for this release is the General Data Protection Regulation of the European Union. The regulation will become enforceable on 25 May 2018. That way you’ll have more than 2 weeks to prepare for it.

GDPR Compliance

The GDPR is a European Union regulation on personal data processing. It affects everyone who collects and uses personal data (that includes contact information or addresses) of EU citizens and residents. To learn more, check out an article about GDPR compliance in our blog.

Version 4.7.4 comes with an add-on that informs new customers about how you handle personal data. The add-on also helps you manage that data: anonymize it or export it to an XML file. Please refer to our documentation for more information. There are two ways to get the add-on:

1. Upgrade to version 4.7.4. This is the best way—not only will you get the GDPR Compliance add-on, but also the latest features and security fixes. If necessary, prolong your upgrade subscription.

2. Buy the GDPR add-on installation service for older CS-Cart and Multi-Vendor 4.x.x versions. Normally we don’t port new functionality to older versions, but we understand the importance of complying with the GDPR. That’s why we’ve set up this paid service. Once you have purchased it, please contact us via Help Desk to have the add-on adapted for your 4.x.x store.

Unfortunately, adapting the add-on for earlier versions like 2.x.x or 3.x.x is more complicated and borders on writing an add-on from scratch. That’s why we advise contacting a third-party developer for this.

The add-on by itself is not enough to make you GDPR-compliant. You’ll need to review the requirements of the GDPR and address them. For example, you’ll probably need to change the text of privacy notices and get to consent for personal data processing from your existing customers by email (the add-on doesn’t handle that).

Other Changes

Version 4.7.4 also includes improvements to Beta add-ons:

Advanced Products Import [Beta] now supports XML files. It also allows to perform a test import (the first 5 products from the file) or to only create new products, skipping the import of existing ones.

Product Variations [Beta] now clones all variations when cloning a configurable product.

Responsive Admin Panel [Beta] now allows selecting multiple products from the product list on mobile devices by long tapping.

As usual, the full list of changes can be found in the changelog. The upgrades to version 4.7.4 are already available. We provide upgrades in small batches, so if you don’t see this upgrade in your Upgrade Center yet, please try again later.

Good!

Where is a delete me option in the gdpr module ?

It looks like you have missed the EU GDPR guidelines:
http://ec.europa.eu/newsroom/article29/news.cfm?item_type=1360
Your article doesn’t mention these official guidelines.
They explain what & how functionality needs to be implemented. And how it should not be implemented.
I do not see such compliance in the new release.
Please evaluate this.

The EU was really late with releasing these essential guidelines.

--

doesnt appear on upgrade center ?

Where is a delete me option in the gdpr module ?


Currently customers have to contact you (for example, by email) to have their data anonymized or exported to XML. You can provide the contact information in the notices about personal data processing. There are placeholders that allow you to put that email address in every notice and change it in the add-on settings, if necessary.

It looks like you have missed the EU GDPR guidelines:
http://ec.europa.eu/newsroom/article29/news.cfm?item_type=1360
Your article doesn't mention these official guidelines.
They explain what & how functionality needs to be implemented. And how it should not be implemented.
I do not see such compliance in the new release.
Please evaluate this.

The EU was really late with releasing these essential guidelines.


Could you provide more information as to why you believe the add-on doesn't serve its purpose and what additional functionality is necessary?

doesnt appear on upgrade center ?


As usual, we provide upgrades in small batches, so if you don’t see this upgrade in your Upgrade Center yet, please try again later.

Is time to check it, thx.

Currently customers have to contact you (for example, by email) to have their data anonymized or exported to XML. You can provide the contact information in the notices about personal data processing. There are placeholders that allow you to put that email address in every notice and change it in the add-on settings, if necessary.

aham... so you will work on the proper solution in the futur e?

and how is it working with the cookie notification ? opt in - opt out ?

here is a demo how actually the cookie notification should work :

https://addons.prestashop.com/demo/FO13605.html

Hello, and thank you for feedback.

Currently the cookie notification isn’t affected by the GDPR Compliance add-on. It is the same as it used to be and can be enabled/disabled under Settings → Security. If there is enough demand, we may improve this aspect in one of the future CS-Cart versions, as well as add the ability for customers to request their personal data or its anonymization from the front end, without having to contact store administration.

I also noticed that there is a third-party add-on that may also address the same issues.

why demand ? you have pointed that cs cart will comply with gdpr (eu rules). and how we all see here you have implemented about 34% of mandatory stuff

there is a 100% demand .... all your customers from EU need this...

An addon for an addon! And so quickly released...

here is a demo how actually the cookie notification should work :

https://addons.prestashop.com/demo/FO13605.html

i I hoped that cs-cart would do the same ....

I am a bit confused about the cookies. Now required by law to offer the user that he can disagree with cookies use, and therefore we need to block the cookies from the store... is this addon capable to do this?

Maybe cookie consent should look like https://cookieconsent.insites.com/app/themes/insites-cookie-consent/examples/example-5-opt-in.html- "In other words, you must ask users if they agree to most cookies and similar technologies (e.g. web beacons, Flash cookies, etc.) before the site starts to use them" ( http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm ).

But there are many exemptions: user‑input cookies (session-id), authentication cookies, "... to identify the user once he has logged in, for the duration of a session..." and so on.

Also seems very important time "...for the duration of a session or persistent cookies limited to a few hours in some cases...".

But Google Analytics cookies do not stick with these exemptions.

There is a new agreement that should be accepted with google or something like that... this job has to be done in the google analytics dashboard...

yes, the cookie conest opt-in opt-out from https://cookieconsent.insites.com/app/themes/insites-cookie-consent/examples/example-5-opt-in.htmlis optimal solution.