General Data Protection Rules GDPR

[davewest]

It's more then likely the date now()

Then it needs to be like this:

'customers_privacy_date' => 'now()'

[Adrian Ciocîrlan]

It's more then likely the date now()

Then it needs to be like this:

'customers_privacy_date' => 'now()'

Yo! Thanks man, this solved the problem, now it works at create_account.php level and also at COWOA no_account.php level, you've been of great help!

Cheers!

[adb34]

There seems to be two threads running about this matter. Anyway, I have had one of my friends send me a link to a wordpress plugin that checks to see if you are compliant., may be useful. www.edmundloh.net/gdpr-fix

Also, one of my other friends, yes I have two friends, who has a lot to do with data protection etc, he is going to put together a human version of what you need to do and how. This may be the other side of this weekend before he can get something to me, as he needs to make sure, the stuff he looks after is up to spec for the 25th May. He did say the big thing to note is that you can look at everything somebody has on you for free instead of the £10 charge.

Nothing to do with this did everybody know you can no longer charge for a customer using a credit card? I bet you did

[torvista]

Question: If the customer has to check the "Accept Conditions" checkbox when they create an account, why is not

table customer_info->field:customers_info_date_account_created

proof of acceptance?

[Design75]

I was thinking the same thing

Question: If the customer has to check the "Accept Conditions" checkbox when they create an account, why is not

table customer_info->field:customers_info_date_account_created

proof of acceptance?

[HeathenMagic]

If you find davewest's mod can't do what you want, post any error messages you had - I've installed that mod I referred to and it's working fine (only one issue I had to resolve).

Hello there,

I just wondered if you are able to use the popup privacy link on the create account page? I have CSS Loader, I think it is blocking it for me. I tried pasting the following snippet to tpl_modules_create_account.php directly but no joy. Though I think it has to be done from a different code somewhere:-

<script type="text/javascript">
<!--
function gdpr_decline(){
window.location = "<?php echo zen_href_link(FILENAME_DEFAULT); ?>"
}
//-->
</script>

[torvista]

Regarding deleting orders and customers details,
I didn't like putting holes in the tables where things have just vanished and cannot be referenced to an invoice (produced by other software) and so decided to change these operations to delete the personal/identification data (name, address but not country and postcode, telephone) and leave the unidentifiable order details intact.

[simon1066]

I too noticed that, I think it controls the return to the home page after declining to accept the privacy review in Account.

[diptimoy]

Thanks for that. I don't use mailchimp, but I will have to see if I can put something in the footer

what changes we need to do to make our zencart store GDPR compliant?

I understood one like the newsletter checkout should nor be pre ticked . What are the others ?

Thanks in advance

[fix_metal]

To summarise the essentials of GDPR ....your users must

give Explicit Consent for you to use their data for the purposes you intend,
have Access to their information and
have the Option to remove their information.

Zencart has Consent (you may need to set admin> configuration > regulations ...Confirm Privacy Notice During Account Creation Procedure to true) and Access (through My Account) in place while the Option to Remove exists in the sense that the user must inform you that they want to have their data removed upon which you can delete their account from admin > customers > customers, but there is not really the clear guidance that GDPR demands.

Giving consent extends to your existing clients, so they need to have the opportunity to review and Accept/Decline your privacy policy.

So we've added 2 new links in My Account for Review and accept privacy statement and Delete My account.

The former takes the user to a page which displays the contents of admin > tools > define_pages_editor...define_privacy.php, with buttons to Accept or Decline. If they Accept, they continue with whatever they were doing, but if they decline, they are logged out and taken to a page which explains why, and lets them know they can log back in and change their mind, otherwise their account will be deleted.

Whichever decision they make, the date is recorded in the database and a flag also set to show the decision. These flags can then be used by those with appropriate skills to identify and automatically delete accounts. You would need to action Delete Requests manually via admin > customers > customers where, as a reminder, deleting the customer does not delete their past orders which you are legally required to retain in the UK by HMRC for 6 years.

It would also be necessary to email your existing customer base to invite them to visit the site and login to update their preferences.

Admin functions

You can specify the email address to which the Delete requests are sent.
Should you need to modify your privacy statement and require people to re-consent, you can reset so that the client will have to review the privacy on their next login.
The date of acceptance (or otherwise) displays in the customer info page.
There is a sortable and "searchable by email" display of all those who HAVE accepted

This manual version of our GDPR package for Zencart was written for ZC155 (although it will work on older) and for now you can download it from http://jsweb.uk/gdpr_service/gdpr4zc.zip as we haven't had time yet to meet the documentation requirements for submitting to the plugins section.

Hello,
I really thank you for this package because it's really saved me.
I found a small bug for which a non SuperUser account won't be able to enter the "GDPR Tools" from "Tools" menu.
The file includes/extra_datafiles/gdpr_filenames.php contains:
define('FILENAME_TOOLS_GDPR', 'gdpr.php');
but it really should be
define('FILENAME_TOOLS_GDPR', 'gdpr');

otherwise non-superuser accounts will be redirected to the denied.php page.

Plus it doesn't seem to send any e-mail upon denial of the new Privacy Policy. E-mails do work from Zen Cart in my configuration. I'm investigating this a little more by myself for this. Meanwhile, if you have any ideas, go on posting :)