Post by richaaron » Thu Mar 29, 2018 10:01 pm

Hello all,

Most of you will know about the new GDPR law coming into the EU in May: https://ico.org.uk/for-organisations/gu ... tion-gdpr/
In order to satisfy the "Right to Erasure" (deletion of personal data - https://ico.org.uk/for-organisations/gu ... o-erasure/), I have added a button on the "My Account" page which I want to be able to delete all information in the database wherever the customer id is present.

Does anyone know a good way to attack this? As it stands, I'm thinking just multiple queries to each table that has a "customer id" column.

Thanks in advance!
Using OC 2.2.0.0 Clean Install
Last edited by richaaron on Thu Mar 29, 2018 10:25 pm, edited 2 times in total.

Post by straightlight » Thu Mar 29, 2018 10:15 pm

No OC version posted. No URL about officials regarding new law enforcement. Please read the most recent forum rules.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Post by richaaron » Thu Mar 29, 2018 10:22 pm

Terribly sorry, I rarely use the forum so did not realise there were such rules. I've edited my post to include the information it was missing.

Post by straightlight » Thu Mar 29, 2018 10:34 pm

Interesting documentation for this upcoming enforcement. According to this documentation: https://ico.org.uk/media/1624219/prepar ... -steps.pdf, Step 12 dictates that for International customers, steps should be reviewed before considering any removals versus the individual rights (step 4).

I will send the notice of this new law announcement on Github so as to let the team know regarding the proper actions that need to be considered for the UK area. One statement that I might need to add for Step 12, since it involves International customer profiles with confidential information, orders must also be held for a year which, in Canada, must be between January and December of the year of every year. Removing customer's information also affects the order transactions in the meantime as well as the customers activities and transactions which means, in theory, it wouldn't be entirely possible to remove all customers information from a store selling products and services especially for the fact that Opencart does provide recurring product profiles period from the store on recent OC versions as well as handling those services from internal / external providers (OLAs).

However, as we know, payment providers will already implement those regulations as perhaps increase profile services via their APIs which will help maintain those regulations with their clients (merchants).

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Post by thekrotek » Thu Mar 29, 2018 10:45 pm

As far as I know, there's an extension which helps you comply with this stupid advanced cookie law. Not sure which one, but try to search OpenCart Marketplace by "cookie" or "gdpr".

Professional OpenCart extensions, support and custom work.
Contact me via email or Skype by support@thekrotek.com



Post by straightlight » Thu Mar 29, 2018 10:50 pm


Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Post by richaaron » Thu Mar 29, 2018 11:20 pm

@straightlight Thank you for taking that responsibility and for the link to the extension.
You make a good point, and thinking about it now, in the UK, we have to keep records of accounts for 6 years (https://www.gov.uk/running-a-limited-co ... ng-records) anyway so removing this information would be unlawful.

I think I've just answered my own question; as the policy states (https://ico.org.uk/for-organisations/gu ... o-erasure/) the right to erasure does not apply if you need the information "to comply with a legal obligation".

@thekrotek Thanks for reminding me about the cookies!

Post by straightlight » Thu Mar 29, 2018 11:32 pm

richaaron wrote:
I think I've just answered my own question; as the policy states (https://ico.org.uk/for-organisations/gu ... o-erasure/) the right to erasure does not apply if you need the information "to comply with a legal obligation".
Ensure this law also is compliant with step 4 and step 12 regarding the legal obligation.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Post by IP_CAM » Thu Mar 29, 2018 11:36 pm

Well, I made a VqMod out of this nice OC-3 OcMod, just a few days ago,
and it should work in all OC-2 Versions too.
Ernie
https://www.opencart.com/index.php?rout ... n_id=32165

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


Post by richaaron » Thu Mar 29, 2018 11:38 pm

straightlight wrote:
Thu Mar 29, 2018 11:32 pm
Ensure this law also is compliant with step 4 and step 12 regarding the legal obligation.
Thanks for the heads up, I shall look into this some more.
Finding this whole thing a bit of a struggle as I'm just a developer and know little about law.

Post by richaaron » Thu Mar 29, 2018 11:40 pm

IP_CAM wrote:
Thu Mar 29, 2018 11:36 pm
Well, I made a VqMod out of this nice OC-3 OcMod, just a few days ago,
and it should work in all OC-2 Versions too.
Ernie
https://www.opencart.com/index.php?rout ... n_id=32165
Thanks @IP_CAM! I shall look into implementing this too at some point.

Post by straightlight » Thu Mar 29, 2018 11:41 pm

A developer should also be knowledgeable about laws as much as with compliancy when developing projects with any namespaces. ;)

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Post by OSWorX » Fri Mar 30, 2018 2:06 am

Understanding the 'new' law (not new because it has already been in effect for 2 years - the 25th May 2018 is 'only' the last day it should be implemented in all stores worldwide (doing business inside/with European Countries/Customers)), deleting customers' data / records is against every local finance regulation.
In some countries you have to store customer data for 10 years, in some 7, and so on ..

But what is true is that a customer can ask to delete his data if it is NOT related to an order (process).
Means every email and other stored data has to be deleted on demand.
And also subscriptions to newsletter etc.

And customers shall have the opportunity to claim this deletion via a form inside the (opencart) shop.
As well as they can ask - best will be also via a form - to provide all stored data about him - and the store / store owner has to provide this complete data as soon as possible (no big delay).

Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.


Post by straightlight » Fri Mar 30, 2018 2:09 am

Along with the agreeable information above:
OSWorX wrote:
In some countries you have to store customer data for 10 years, in some 7, and so on ..
There are world-wide call centers maintaining the customer's data between 20-25 years and with time that goes on, more and more that maintains them for life.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Post by OSWorX » Fri Mar 30, 2018 2:42 am

straightlight wrote:
Fri Mar 30, 2018 2:09 am
Along with the agreeable information above:
In some countries you have to store customer data for 10 years, in some 7, and so on ..
There are world-wide call centers maintaining the customer's data between 20-25 years and with time that goes on, more and more that maintains them for life.
The moment these data are not required (e.g. 10 years because of fiscal reasons), they have to delete them.
And if they do not delete them by themselves, the originator (the store owner) has to push them to delete.
Otherwise the store owner violates the legislation.
And after the (new) GDPR he has to do so.

Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.


Post by wenmar » Fri Mar 30, 2018 5:51 am

I'm going to follow this topic.

Post by willows » Wed May 23, 2018 5:45 am

Hi

The customer can request that their data be deleted at any time.
The customer cannot demand that their personal data be removed from invoices as this data is required for accounting and tax. GDPR law does not take over tax law. After x years you no longer have to keep the data for tax reasons. So after x years this data should be destroyed.

In opencart the guest shopper is not stored on the customer table and their details are only on the order table. So the guest can request their information but not ask for it to be deleted.

The registered shopper can request, alter, download and ask to be deleted.

Our addon looks after all these options automatically for the store owner. So there are no manual actions required by the store owner when a customer wants to request, alter, download and ask to be deleted. It also stores all the terms and conditions that the customer agreed to. It also has a nice data breach management tool which hopefully you will never need to use.
Link to the addon is here: https://www.opencart.com/index.php?rout ... =32993

I hope this helps.

Available for hire for maintenance, installs, hacks, SEO disasters, and integrations with epos, logistics and accounts systems.
Opencart Developers Ireland

Post by OSWorX » Wed May 23, 2018 10:43 am

willows wrote:
Wed May 23, 2018 5:45 am
In opencart the guest shopper is not stored on the customer table and their details are only on the order table. So the guest can request their information but not ask for it to be deleted.
Nonsense again!
The moment someone - You - has stored [personal] data (e.g. IP, Address, Name, Tel, etc.) it can also be deleted.
The more: after the 25th of May 2018 everyone has the right for deletion - also guests.

It depends only on the request and the type of stored data what can be deleted.

So, if a Guest has made an order, his/her data is stored.
Stored short as possible, long as needed (up to 10 years, sometimes longer).

And when such a deletion is requested, you have to follow this request.
You are not allowed to delete data which maybe can be used for tax and/or financial authority (e.g. Name, Address, Order details) or Warranty (this could be up to 30 years, depends on your business!).

But an IP-Address can be deleted in any way.

And storing financial data only on a server can lead to a problem (e.g. loss of data because of .. many reasons).
Therefore such sensible and required data like Invoices should be printed and stored physically.

Another reason why this is the best method: imagine the tax Authority makes an Audit.
You then have to show them the data during the Audit, but the connection to server is dead (yes, this can happen at any time).
A Fine will be the result, because you are not able to provide the data when requested.
Keeping a printed (and stored) record in House, needs at least a few minutes.

There is much more than only a few Laws and you have to know all which are relevant for your business.
Best advice is - hire a tax and/or legal consultant(s) if you are in doubt.

Btw. after the longest possible period (see above, e.g. 10 years), you have to delete such data in any case!

So, deleting of guest data is possible.
You only have to 'declare' and show such regulations to your customers (see Privacy Statement).

Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.
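
An added example, not from any poster in this thread or from OpenCart itself: richaaron's idea of querying every table with a customer id column, narrowed to the split the later posts describe (order records kept, IP addresses, activity and newsletter subscription removed, guests matched through the order table). It assumes MySQL, the default `oc_` table prefix and stock OpenCart 2.x column names, which should be checked against the actual install; the ids and e-mail address are constructed sample values.

```sql
-- Added example; assumes MySQL, the default oc_ prefix and stock OpenCart 2.x columns.

-- 1. Inventory: every table in the shop database that carries a customer_id column.
SELECT TABLE_NAME
FROM information_schema.COLUMNS
WHERE TABLE_SCHEMA = DATABASE()
  AND COLUMN_NAME = 'customer_id'
ORDER BY TABLE_NAME;

-- 2. Registered customer: remove data not tied to an order, keep the order records.
SET @customer_id = 42;                      -- constructed sample id

-- If the tables use MyISAM, the transaction wrapper has no effect and each
-- statement applies immediately; take a backup before running this.
START TRANSACTION;

DELETE FROM oc_customer_ip       WHERE customer_id = @customer_id;
DELETE FROM oc_customer_activity WHERE customer_id = @customer_id;
DELETE FROM oc_customer_online   WHERE customer_id = @customer_id;

-- End the newsletter subscription and blank the last-seen IP on the account row.
UPDATE oc_customer
SET newsletter = 0, ip = ''
WHERE customer_id = @customer_id;

-- Orders stay (name, address, order details); only network metadata is blanked.
UPDATE oc_order
SET ip = '', forwarded_ip = '', user_agent = '', accept_language = ''
WHERE customer_id = @customer_id;

COMMIT;

-- 3. Guest order: there is no oc_customer row, so match on the order itself.
SET @order_id = 1001;                       -- constructed sample values
SET @email    = 'guest@example.com';

UPDATE oc_order
SET ip = '', forwarded_ip = '', user_agent = '', accept_language = ''
WHERE order_id = @order_id
  AND customer_id = 0                       -- guest checkout stores customer_id 0
  AND email = @email;

-- 4. Check: count what is left for the customer in the tables that were cleared.
SELECT (SELECT COUNT(*) FROM oc_customer_ip       WHERE customer_id = @customer_id)
     + (SELECT COUNT(*) FROM oc_customer_activity WHERE customer_id = @customer_id)
     + (SELECT COUNT(*) FROM oc_customer_online   WHERE customer_id = @customer_id)
       AS leftover_rows;
```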


Post by Rainforest » Thu May 24, 2018 1:05 am

So is the add on necessary? Why not just create a simple information page to have information deleted or in the privacy policy have the email address to remove all information from the company?

I'm trying to figure out if the add on (at 49.00) is overkill?

Self Taught Opencart User & Developer Since 2010.


Post by OSWorX » Thu May 24, 2018 10:25 am

Rainforest wrote:
Thu May 24, 2018 1:05 am
So is the add on necessary? Why not just create a simple information page to have information deleted or in the privacy policy have the email address to remove all information from the company?

I'm trying to figure out if the add on (at 49.00) is overkill?
Not this, there are better available (and will be this afternoon) for that money!

Back to your 2nd question: are you serious?
Have you not heard what starts in 23 hours and 49 minutes?
Something called GDPR

In the meantime the forum here is full with tasks about that.
Read only some of them and you should see that this question is so stupid.
Except your Webshop is located somewhere in the desert and only Camels walking by ..

It is not clear what's the background of your question!
What can be done with a simple information page?
Well, also with the GDPR you will need at least 3 of them - 2 with much text, 1 less.

Could it be, that you have only 1 customer the year?
If, then I understand - this one can be deleted manually.
But if you have more - what I guess - what is your business?
Data manipulation (deleting data and checking if the shop afterwards is running again)?
Guess also not.

Could it be, that you earn that less, that 40-60 Euro are too much?
Guess also not.

Maybe you have too much money, being only a scrooge?
Also not correct?

Okay, here we are: either you hurry up, do all by yourself and then you will be ready approximately around X-Mas 2018.
Or you investigate a few bucks, buy what the market currently offers - and be happy.
Why?
Because there is so much more than a simple 'Information Page'.

Okay back to business: look around, read a bit and buy what you think it will fit your needs - while the need for this is already dictated by: GDPR

Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.

