I'm reading about GDPR EU privacy law and I have some questions about how Opencart can become compliant.
I'm not a lawyer but a developer and I have no liability for the accuracy of the information.
The deadline is May 25, 2018 and, as far as I know, organizations risk fines of up to €20 million or 4% of the organization’s global yearly turnover, whichever is higher.
I read that some requirements apply only to companies with a minimum of X employees or X revenue.
What it seems to require is:
- Users can delete their data from the database. As far as I know, this is not possible in Opencart. What happens to orders and all related records?
- After 24 months of inactivity (no login), the user account should be deleted from the DB. As far as I know, this is not possible in Opencart.
- Cookies need to have an opt-in/opt-out option. I link a website as an example: https://www.cookiebot.com/en/cookie-declaration/.
Those are the requirements that I'm aware of; not sure if all companies need to be compliant or just those that have more than X employees or X revenue.
The most generated errors found on the Opencart forum originate from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.
We have created a special page for GDPR and Ecommerce here: https://www.willows-consulting.com/gdpr-for-ecommerce/
We have a GDPR Compliance addon for Opencart here: https://www.opencart.com/index.php?rout ... n_id=32993 .
GDPR can become a rabbit hole if you are not careful. Basically it's protecting and using personal information correctly in the way your customer has permitted you to do so. Explicit permission has to be given. So spamming, selling customer lists, and not reporting data breaches to affected customers cannot continue. Basically, being careless with customer data is now punishable by large fines and reputation damage from the publicity that will come after.
It doesn't protect anybody from anything. I can claim that I'm super GDPR compliant and do all the required stuff, but if I'm a scumbag, nobody will stop me from having a backup database and storing every possible piece of info about every customer to use it later. Of course, under a different alias/name/whatever.
Good people don't need any laws to never do bad stuff like spamming, ignoring data breaches or any other stuff. The only law I personally follow in my life: be honest with everybody. And I do this always. I never steal anything, never sell customers' data or defraud them. For people like me, laws which tell you to be good are not necessary at all. As for those who live on fraud, no law can stop them. They will keep stealing and selling data, spam will continue, credit cards will be stolen and so on. NOTHING will change, except that those who want to comply will have to spend more money on something which they don't really need.
So again, none of these laws actually protect. Like IP_CAM already said, they just give more work to lawyers.