Post by richaaron » Thu Mar 29, 2018 10:01 pm

Hello all,

Most of you will know about the new GDPR Law coming into the EU in May.. https://ico.org.uk/for-organisations/gu ... tion-gdpr/
In order to satisfy the "Right to Erasure" (deletion of personal data - https://ico.org.uk/for-organisations/gu ... o-erasure/), I have added a button on the "My Account" page which I want to be able to delete all information in the database wherever the customer id is present.

Does anyone know a good way to attack this? As it stands, I'm thinking just multiple queries to each table that has a "customer id" column.

Thanks in advance!
Using OC 2.2.0.0 Clean Install
Last edited by richaaron on Thu Mar 29, 2018 10:25 pm, edited 2 times in total.

Newbie

Posts

Joined
Fri May 19, 2017 8:03 pm

Post by straightlight » Thu Mar 29, 2018 10:15 pm

No OC version posted. No URL about officials regarding new law enforcement. Please read the most recent forum rules.

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.


Regards,
Straightlight
Opencart.com Administrator / Quality Assurance Analyst / Programmer


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by richaaron » Thu Mar 29, 2018 10:22 pm

Terribly sorry, I rarely use the forum so did not realise there were such rules. I've edited my post to include the information it was missing

Newbie

Posts

Joined
Fri May 19, 2017 8:03 pm

Post by straightlight » Thu Mar 29, 2018 10:34 pm

Interesting documentation for this upcoming enforcement. According to this documentation: https://ico.org.uk/media/1624219/prepar ... -steps.pdf , Step 12 dictates that for International customers, steps should be reviewed before considering any removals versus the individual rights (step 4).

I will send the notice of this new law announcement on Github so to let the team know regarding the proper actions that needs to be considered for the UK area. One statement that I might need to add for Step 12, since it involves International customer profiles with confidential information, orders must also be held for a year which, in Canada, must be between January and December of the year of every year. Removing customer's information also affects the order transactions in the mean time as well as the customers activities and transactions which means, in theory, it wouldn't be entirely possible to remove all customers information from a store selling products and services especially for the fact that Opencart do provide recurring product profiles period from the store on recent OC versions as well as handling those services from internal / external providers (OLAs).

However, as we know, payment providers will already implement those regulations as perhaps increase profile services via their APIs which will help maintain those regulations with their clients (merchants).

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.


Regards,
Straightlight
Opencart.com Administrator / Quality Assurance Analyst / Programmer


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by thekrotek » Thu Mar 29, 2018 10:45 pm

As far as I know, there's an extension, which helps you comply this stupid advanced cookie law. Not sure which one, but try to search OpenCart Marketplace by "cookie" or "gdrp".

Professional OpenCart extensions, support and custom work.
Contact me via email or Skype by support@thekrotek.com


User avatar
Expert Member

Posts

Joined
Sun Jul 03, 2016 12:24 am


Post by straightlight » Thu Mar 29, 2018 10:50 pm


The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.


Regards,
Straightlight
Opencart.com Administrator / Quality Assurance Analyst / Programmer


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by richaaron » Thu Mar 29, 2018 11:20 pm

@straightlight Thank you for taking that responsibility and for the link to the extension.
You make a good point, and thinking about it now, in the UK, we have to keep records of accounts for 6 years (https://www.gov.uk/running-a-limited-co ... ng-records) anyway so removing this information would be unlawful.

I think I've just answered my own question; as the policy states (https://ico.org.uk/for-organisations/gu ... o-erasure/) the right to erasure does not apply if you need the information "to comply with a legal obligation".

@thekrotek Thanks for reminding me about the cookies!

Newbie

Posts

Joined
Fri May 19, 2017 8:03 pm

Post by straightlight » Thu Mar 29, 2018 11:32 pm

I think I've just answered my own question; as the policy states (https://ico.org.uk/for-organisations/gu ... o-erasure/) the right to erasure does not apply if you need the information "to comply with a legal obligation".
Ensure this law also is compliant with step 4 and step 12 regarding the legal obligation.

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.


Regards,
Straightlight
Opencart.com Administrator / Quality Assurance Analyst / Programmer


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by IP_CAM » Thu Mar 29, 2018 11:36 pm

Well, I made a VqMod out of this nice OC-3 OcMod, just a few days ago,
and it should work in all OC-2 Versions too.
Ernie
https://www.opencart.com/index.php?rout ... n_id=32165

I don't use the Forum Mailer, to reach me, contact: jti@jacob.ch
-
Demoversions:
OpenCart LIGHT v.1.5.6.5 http://www.bigmax.ch/
OpenCart V-PRO v.1.5.6.5 http://www.ebikes.li/shop/
-
1'700+ FREE OC Extensions - from OC v.1.5.x up,
on the world's largest OC-related Github Site: https://github.com/IP-CAM
-
Image


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by richaaron » Thu Mar 29, 2018 11:38 pm

straightlight wrote:
Thu Mar 29, 2018 11:32 pm
Ensure this law also is compliant with step 4 and step 12 regarding the legal obligation.
Thanks for the heads up, I shall look into this some more.
Finding this whole thing a bit of a struggle as i'm just a developer and know little about law.

Newbie

Posts

Joined
Fri May 19, 2017 8:03 pm

Post by richaaron » Thu Mar 29, 2018 11:40 pm

IP_CAM wrote:
Thu Mar 29, 2018 11:36 pm
Well, I made a VqMod out of this nice OC-3 OcMod, just a few days ago,
and it should work in all OC-2 Versions too.
Ernie
https://www.opencart.com/index.php?rout ... n_id=32165
Thanks @IP_CAM! I shall look into implementing this too at some point.

Newbie

Posts

Joined
Fri May 19, 2017 8:03 pm

Post by straightlight » Thu Mar 29, 2018 11:41 pm

A developer should also be knowledgeable about laws as much as with compliancy when developing projects with any namespaces. ;)

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.


Regards,
Straightlight
Opencart.com Administrator / Quality Assurance Analyst / Programmer


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by OSWorX » Fri Mar 30, 2018 2:06 am

Understanding the 'new' law (not new because already in effect since 2 years - the 25th May 2018 is 'only' the last day it should be implemented an all stores worldwide (doing business inside/with European Countries/Customers), deleting customers data / records is against every locale finance regulation.
In some countries you have to store customer data for 10 years, in some 7, and so on ..

But what is true, that a customer can ask to delete his data if it is NOT related to an order (process).
Means every email and other stored data has to be deleted on demand.
And also subscriptions to newsletter etc.

And customers shall have the opportunity to claim this deletion via a form inside the (opencart) shop.
As well as they can ask - best will eb also via a form - to provide all stored data about him - and the store / store owner has to provide this complete data as soon as possible (no big delay).

Custom Development | Individuelle Entwicklung | Support & Bugfixes

Image Image Image


User avatar
Guru Member

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by straightlight » Fri Mar 30, 2018 2:09 am

Along with the agreeable information above:
In some countries you have to store customer data for 10 years, in some 7, and so on ..
There are world-wide call centers maintaining the customer's data between 20-25 years and with time that goes on, more and more that maintains them for life.

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.


Regards,
Straightlight
Opencart.com Administrator / Quality Assurance Analyst / Programmer


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by OSWorX » Fri Mar 30, 2018 2:42 am

straightlight wrote:
Fri Mar 30, 2018 2:09 am
Along with the agreeable information above:
In some countries you have to store customer data for 10 years, in some 7, and so on ..
There are world-wide call centers maintaining the customer's data between 20-25 years and with time that goes on, more and more that maintains them for life.
The moment these data are not required (e.g. 10 years because of fiscal reasons), they have to delete them.
And if they do not delete them by themself, the originator (the store owner) has to push them to delete.
Otherwise the store owner violates the legislation.
And after the (new) GDPR he has to do so.

Custom Development | Individuelle Entwicklung | Support & Bugfixes

Image Image Image


User avatar
Guru Member

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by wenmar » Fri Mar 30, 2018 5:51 am

i'm going to follow this topic..

Newbie

Posts

Joined
Sun Jan 28, 2018 5:11 am

Post by willows » Wed May 23, 2018 5:45 am

Hi

The customer can request that their data be deleted at any time.
The customer cannot demand that their personal data be removed from invoices as this data is required for accounting and tax. GDPR law does not take over tax law. After x years you no longer have to keep the data for tax reasons. So after x years this data should be destroyed.

In opencart the guest shopper is not stored on the customer table and their details are only on the order table. So the guest can request their information but not ask for it to be deleted.

The registered shopper can request, alter, download and ask to be deleted.

Our addon looks after all these options automatically for the store owner. So there are no manual actions required by the store owner when a customer wants to request, alter, download and ask to be deleted. It also stores all the terms and conditions that the customer agreed to. It also has a nice data breach management tool which hopefully you will never need to use.
Link to the addon is here [url]https://www.opencart.com/index.php?rout ... =32993[url]

I hope this helps.

Available for hire for maintenance, installs, hacks, SEO disasters, and integrations with epos, logistics and accounts systems.
Opencart Developers Ireland
Image


User avatar
New member

Posts

Joined
Sun Mar 17, 2013 5:19 am
Location - Dublin Ireland

Post by OSWorX » Wed May 23, 2018 10:43 am

willows wrote:
Wed May 23, 2018 5:45 am
In opencart the guest shopper is not stored on the customer table and their details are only on the order table. So the guest can request their information but not ask for it to be deleted.
Nonsens again!
The moment someone - You - has stored [personal] data (e.g. IP, Address, Name, Tel, etc.) it can also be deleted.
The more: after the 25th of May 2018 everyone has the right for deletion - also guests.

It depends only on the request and the type of stored data what can be deleted.

So, if a Guest has made an order, his/her data is stored.
Stored short as possible, long as needed (up to 10 years, sometimes longer).

And when such a deletion is requested, you have to follow this request.
You are not allowed to delete data which maybe can be used for tax and/or financial authority (e.g. Name, Address, Order details) or Warranty (this could be up to 30 years, depend on your business!).

But an IP-Address can be deleted in any way.

And storing financial data only on a server can lead to a problem (e.g. lost of data because of .. many reasons).
Therefore such sensible and required data like Invoices should be printed and stored physically.

Another reason why this is the best method: imagine the tax Authority make an Audit.
You then have to show them the data during the Audit, but the connection to server is dead (yes, this can happen at any time).
A Fine will be the result, because you are not able to provide the data when requested.
Keeping a printed (and stored) record in House, need at least a few minutes.

There is much more than only a few Laws and you have to know all which are relevant for your business.
Best advice is - hire a tax and/or legal consultant(s) if you are in doubt.

Btw. after the longest possible periode (see abobe, e.g. 10 years), you have to delete such datain any case!

So, deleting of guest data is possible.
You only have to 'delare' and show such regulations to your customers (see Privacy Statement).

Custom Development | Individuelle Entwicklung | Support & Bugfixes

Image Image Image


User avatar
Guru Member

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by Rainforest » Thu May 24, 2018 1:05 am

So is the add on necessary? Why not just create a simple information page to have information deleted or in the privacy policy have the email address to remove all information from the company?

I'm trying to figure out if the add on (at 49.00) is overkill?

Active Member

Posts

Joined
Fri Jan 28, 2011 3:50 am

Post by OSWorX » Thu May 24, 2018 10:25 am

Rainforest wrote:
Thu May 24, 2018 1:05 am
So is the add on necessary? Why not just create a simple information page to have information deleted or in the privacy policy have the email address to remove all information from the company?

I'm trying to figure out if the add on (at 49.00) is overkill?
Not this, there are better available (and will be this afternoon) for that money!

Back to your 2nd question: are you serious?
Have you not heard what starts in 23 hours and 49 minutes?
Something called GDPR

In the meantime the forum here is full with tasks about that.
Read only some of them and you should see that this question is so stupid.
Except your Webshop is located somewhere in the desert and only Camels walking by ..

It is not clear what's the background of your question!
What can be done with a simple information page?
Well, also with the GDPR you will need at least 3 of them - 2 with much text, 1 less.

Could it be, that you have only 1 customer the year?
If, then I understand - this one can be deleted manual.
But if you have more - what I guess - what is your business?
Data manipulation (deleting data and checking if the shop afterwards is running again)?
Guess also not.

Could it be, that you earn that less, that 40-60 Euro are too much?
Guess also not.

Maybe you have too much money, being only a scrooge?
Also not correct?

Okay, here we are: either you hurry up, do all by yourself and then you will be ready approximitely around X-Mas 2018.
Or you investigate a few bucks, buy what the market currently offer - and be happy.
Why?
Because there is so much more then a simple 'Information Page'.

Okay back to business: look around, read a bit and buy what you think it will fit your needs - while the need for this is already dictated by: GDPR

Custom Development | Individuelle Entwicklung | Support & Bugfixes

Image Image Image


User avatar
Guru Member

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria
Who is online

Users browsing this forum: No registered users and 21 guests