To summarise the essentials of GDPR: your users must give Explicit Consent for you to use their data for the purposes you intend, have Access to their information, and have the Option to remove their information.
Zencart has Consent (you may need to set admin > configuration > regulations ... Confirm Privacy Notice During Account Creation Procedure to true) and Access (through My Account) in place, while the Option to Remove exists in the sense that the user must inform you that they want to have their data removed, upon which you can delete their account from admin > customers > customers, but there is not really the clear guidance that GDPR demands.
Giving consent extends to your existing clients, so they need to have the opportunity to review and Accept/Decline your privacy policy.
So we've added 2 new links in My Account for Review and accept privacy statement and Delete My account.
The former takes the user to a page which displays the contents of admin > tools > define_pages_editor ... define_privacy.php, with buttons to Accept or Decline. If they Accept, they continue with whatever they were doing, but if they decline, they are logged out and taken to a page which explains why, and lets them know they can log back in and change their mind, otherwise their account will be deleted.
Whichever decision they make, the date is recorded in the database and a flag is also set to show the decision. These flags can then be used by those with appropriate skills to identify and automatically delete accounts. You would need to action Delete Requests manually via admin > customers > customers where, as a reminder, deleting the customer does not delete their past orders, which you are legally required to retain in the UK by HMRC for 6 years.
It would also be necessary to email your existing customer base to invite them to visit the site and log in to update their preferences.
Admin functions
You can specify the email address to which the Delete requests are sent.
Should you need to modify your privacy statement and require people to re-consent, you can reset so that the client will have to review the privacy on their next login.
The date of acceptance (or otherwise) displays in the customer info page.
There is a sortable and "searchable by email" display of all those who HAVE accepted
This manual version of our GDPR package for Zencart was written for ZC155 (although it will work on older versions) and for now you can download it from http://jsweb.uk/gdpr_service/gdpr4zc.zip as we haven't had time yet to meet the documentation requirements for submitting to the plugins section.