Post by al404 » Fri Apr 06, 2018 6:22 pm

Hi,

I'm reading about GDPR EU privacy law and I have some questions about how Opencart can become compliant.
I'm not a lawyer but a developer and I have no liability for the accuracy of the information.

The deadline is May 25 2018 and, as far as I know, organizations risk fines of up to €20 million or 4% of the organization’s global yearly turnover, whichever is higher.

I read that some requirements are required only for companies with a minimum of X employees or X revenue.

What seems to be required is:

- Users can delete their data from the database. As far as I know, this is not possible in Opencart. What happens to orders and all related records?
- After 24 months of inactivity (no login) the user account should be deleted from the DB. As far as I know, this is not possible in Opencart.
- Cookies need to have an opt-in/opt-out option. I link a website as an example: https://www.cookiebot.com/en/cookie-declaration/.

Those are the requirements that I'm aware of; not sure if all companies need to be compliant or just those who have more than X employees or X revenue.


Post by straightlight » Fri Apr 06, 2018 8:49 pm

This inquiry never stops worrying people, does it? Take a look at this topic: viewtopic.php?f=190&t=203265&p=719186#p719186

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester



Post by willows » Wed May 23, 2018 5:37 am

If you are dealing with EU citizens, even if you are not in the EU, you will have to comply.
We have created a special page for GDPR and Ecommerce here: https://www.willows-consulting.com/gdpr-for-ecommerce/
We have a GDPR Compliance addon for opencart here: https://www.opencart.com/index.php?rout ... n_id=32993 .

GDPR can become a rabbit hole if you are not careful. Basically it's protecting and using personal information correctly in the way your customer has permitted you to do so. Explicit permission has to be given. So spamming, selling customer lists, and not reporting data breaches to affected customers cannot continue. Basically being careless with customer data is now punishable by large fines and reputation damage from the publicity that will come after.

Available for hire for maintenance, installs, hacks, SEO disasters, and integrations with epos, logistics and accounts systems.
Opencart Developers Ireland

Post by thekrotek » Wed May 23, 2018 6:13 am

willows wrote:
Wed May 23, 2018 5:37 am
Basically it's protecting and using personal information correctly in the way your customer has permitted you to do so.
It doesn't protect anybody from anything. I can claim that I'm super GDPR compliant and do all the required stuff, but if I'm a scumbag, nobody will stop me from having a backup database and storing every possible piece of info about every customer to use it later. Of course, under a different alias/name/whatever.
willows wrote:
Wed May 23, 2018 5:37 am
So spamming, selling customer lists, and not reporting data breaches to affected customers cannot continue.
Good people don't need any laws to never do bad stuff like spamming, ignoring data breaches or any other stuff. The only law I personally follow in my life: be honest with everybody. And I do this always. I never steal anything, never sell customers' data or defraud them. For people like me, laws which tell you to be good are not necessary at all. As for those who live on fraud, no law can stop them. They will keep stealing and selling data, spam will continue, credit cards will be stolen and so on. NOTHING will change, except that those who want to comply will have to spend more money on something which they don't really need.

So again, none of such laws actually protect. Like IP_CAM already said, they just give more work to lawyers.

Professional OpenCart extensions, support and custom work.
Contact me via email or Skype by support@thekrotek.com



Post by john ripley » Wed Mar 13, 2019 2:01 pm

https://seersco.com/articles/data-prote ... -act-1998/
The Data Protection Act 1998 until the 25th May 2018 was the UK law governing how personal data is processed, stored and protected by organisations, businesses and even the government. Controllers with access to this data followed somewhat strict rules known as the ‘data protection principles’ which meant that they had to ensure the information they had access to was;
