X-Cart: shopping cart software

X-Cart forums (https://forum.x-cart.com/index.php)
-   News and Announcements (https://forum.x-cart.com/forumdisplay.php?f=28)
-   -   Gdpr - upcoming law for European merchants (https://forum.x-cart.com/showthread.php?t=75544)

xim 07-27-2017 10:40 PM

Gdpr - upcoming law for European merchants
 
Hello!

My question is for europian merchants.

http://www.eugdpr.org/gdpr-faqs.html
http://www.itpro.co.uk/it-legislation/27814/what-is-gdpr-everything-you-need-to-know-5/page/0/1
http://www.itpro.co.uk/security/27563/how-to-get-ready-for-gdpr-2018-data-protection-changes-2/page/0/2
http://www.privacycheq.com/?page_id=36352
https://blog.kaspersky.com/gdpr-poll/16926/

What do you think about this law?
How is it important to compliant it?
How will business work with orders where buyers send a request to delete personal data?

chamberinternet 10-24-2017 04:32 AM

Re: Gdpr - upcoming law for European merchants
 
I believe it's very important to be compliant and it applies to any company that deals with customers/businesses within Europe (So not only European Merchants)
Article for the US companies - http://www.ibtimes.com/eus-gdpr-what-will-american-companies-have-do-comply-2573002

Quote:

How will business work with orders where buyers send a request to delete personal data?

I'm not 100% entirety sure on this. Perhaps have a link on the website for a customer to request to remove their data from the website and offline systems?

What does anyone else think?

Best Regards

Shafiq

elmirage001 10-24-2017 07:29 AM

Re: Gdpr - upcoming law for European merchants
 
Quote:

Originally Posted by chamberinternet
I believe it's very important to be compliant and it applies to any company that deals with customers/businesses within Europe (So not only European Merchants)
Article for the US companies - http://www.ibtimes.com/eus-gdpr-what-will-american-companies-have-do-comply-2573002



I'm not 100% entirety sure on this. Perhaps have a link on the website for a customer to request to remove their data from the website and offline systems?

What does anyone else think?

Best Regards

Shafiq



Hi Shafiq,

Thank you for your post. I skipped over this in July because I'm in the US and didn't think it applied to me. But it does...

Paul

chamberinternet 10-24-2017 07:33 AM

Re: Gdpr - upcoming law for European merchants
 
No Problem Paul...

Our company is looking into this right now.

Myself, manager and company secretary are spearheading this.
Quite a bit to take into consideration.

I'm looking after the marketing side of things - In terms of assuring all our contacts have given consent to receive newsletters and promotions from us.

Best Regards

Shafiq

pauldodman 02-19-2018 02:30 AM

Re: Gdpr - upcoming law for European merchants
 
As the deadline for this starts to move into view, wondering if there are any actual solutions planned, particularly regarding changes in X-Cart for compliance?

voodoo1967 03-21-2018 05:03 AM

Re: Gdpr - upcoming law for European merchants
 
GDPR affects everyone, if you sell into the UK, if you sell from the UK, what information do you hold on customers, do you need to be holding that information, have you informed them what you are holding - and why ?.

Have all your staff been on GDPR training ? - can you prove it ?
Have you had a pen test?, can you prove it ?
Are you secure ?
Where is your data held ?, is it secure?, can you prove it ?

This is a massive area, which huge implications for everyone

So what has everyone done about it ?

kevinrm 03-26-2018 10:25 AM

Re: Gdpr - upcoming law for European merchants
 
Although I sell to Europe, I don't live in Europe. I'm not doing squat about it, mainly because I think it's arrogant the EU thinks it can tell people outside of Europe how to operate their businesses. I mean, if they find a way to block my goods from entering the EU then perhaps I will start to care but this nonsense about them fining us tens of thousands of dollars in countries where they have absolutely no jurisdiction is ridiculous. Seriously, people need to resist this where possible.

voodoo1967 03-26-2018 11:11 AM

Re: Gdpr - upcoming law for European merchants
 
I dont think it quite works like that. Sure if you dont sell into the EU and you sell within the US, then I wouldnt pay much attention. The US patriot act is in direct opposition to GDPR.

The EU puts countries into 3 categories
1. EU countries - Spain, Germany, UK (for the time being)
2. EU countries they have trade deals with - like Canada
3. Every other country not in groups 1 or 2. Which is the US

For the UK - the trouble being post Brexit we maybe in group 3 - which makes it very difficult for the UK. The UK is bringing in it's own act of Parliament The DPB (Data Protection Bill) - which aims to be even stringer than GDPR - in the hope that if UK companies are DPB compliant then defacto they will be GDPR compliant.

It's meant to protect who can keep data on you, why they keep data on you. You need to prove you need that data and that your customers know about it. You also need to prove you have kept that data secure.

So no longer can large corps have a data breach and blame it on a technical error, or hold info without you knowing about it.

If FaceBook , Google and any other large corp want to do business in the EU - they will need to comply. The old argument of we are 'just a platform' will no longer exist.

cflsystems 03-26-2018 11:30 AM

Re: Gdpr - upcoming law for European merchants
 
Quote:

Originally Posted by voodoo1967
If FaceBook , Google and any other large corp want to do business in the EU - they will need to comply. The old argument of we are 'just a platform' will no longer exist.


Doing business "in" and doing business "with" are 2 different terms.

Not that I oppose either way but I think it is pretty obvious a business which ships good will need and have your name, address, phone, etc in order to run the order and you do know about it because you provided this info at time of checkout.

Not to defend the big corporations which totally use and abuse customer info (refer to recent FB findings) but I also think EU is going a little bit too far with this.

I really do not see it small businesses trying to comply with this. The most they will do is to have some page with info what they have, do, etc. with some data. In most cases these small businesses don't; even know what kind of data they have for customers.

voodoo1967 03-26-2018 12:22 PM

Re: Gdpr - upcoming law for European merchants
 
Taking information for shipping is fine, holding that information for years and years is not fine under GDPR, unless of course you have informed the customer what you are holding and how long for and then giving customers the option of deleting all that data.

And on top of that - is that data secure, and can you prove it.

Basically the EU wants the customer to be able to know who holds data on them, what the data is and for the that data to be deleted on request. Saying sorry I didnt update a dodgy wordpress plugin is no longer an excuse.

There will definitely be a few test cases coming soon I think

kevinrm 03-26-2018 07:24 PM

Re: Gdpr - upcoming law for European merchants
 
They have zero jurisdiction over people not in Europe...

voodoo1967 03-26-2018 11:29 PM

Re: Gdpr - upcoming law for European merchants
 
I would advise you have a read of this
http://safedatamatters.com/gdpr-datacontrollers-part1/

If you hold information on EU citizens then GDPR applies to you, it seems.

elmirage001 03-27-2018 05:00 PM

Re: Gdpr - upcoming law for European merchants
 
We're in the US and about 4% of our business comes from the EU & UK. There is no way we're going to try to comply with GDPR. We'll just remove the EU countries and the UK.

Has anyone seen any opt out language? I'm sure we'll need some language in our Terms of Service.

Tim Soles 04-05-2018 02:08 AM

Re: Gdpr - upcoming law for European merchants
 
As a UK company we will have to comply with the new regulations and the main impact for us is getting the customer's specific permission through a tick box to allow us to subsequently send them marketing emails.

In the past, this consent was included in our general terms and conditions of placing an order, but now it has to be a separate specific and positive consent in a tick box, and we will have to retain a permanent record of this consent.

For our part we will prefer to have this built in to x-cart rather than establishing separate databases.

Triple A Racing 04-05-2018 08:50 AM

Re: Gdpr - upcoming law for European merchants
 
Quote:

Originally Posted by Tim Soles
For our part we will prefer to have this built in to x-cart rather than establishing separate databases.

Glad you added the prefix "...for our part" to that conclusion :wink:

Conjecture and Opinions on; Planned compliance measures, countries theoretically affected, countries actually affected, ergo businesses potentially at risk, the ability for this to actually be enforced etc etc etc vary massively and this collection of varied opinions, is the only true live reference point to GDPR... so far....

If and we say If, XC do decide to add a method of GDPR compliance to XC5, then this must only be by way of a module (free or chargeable / XC / Third Party Developer / Custom Home Built) because... this then allows selective choice by all storeowners, which is very important.

Many storeowners may / will be unaffected and therefore, will be (and rightly so) disenfranchised :mrgreen: with having any GPDR compliance processes forced upon them as part of XC5 #Core as it will be 100% superfluous in their case. @qualiteam please pass this on to the right XC people. Thx!

kevinrm 04-05-2018 07:30 PM

Re: Gdpr - upcoming law for European merchants
 
Quote:

Originally Posted by Triple A Racing
Glad you added the prefix "...for our part" to that conclusion :wink:

If and we say If, XC do decide to add a method of GDPR compliance to XC5, then this must only be by way of a module (free or chargeable / XC / Third Party Developer / Custom Home Built) because... this then allows selective choice by all storeowners, which is very important.




Adding a simple checkbox that will enable or disable a feature is hardly forcing anything. I'm beginning to wonder why you resist these simple things...

Triple A Racing 04-05-2018 09:56 PM

Re: Gdpr - upcoming law for European merchants
 
Quote:

Originally Posted by kevinrm
Adding a simple checkbox that will enable or disable a feature is hardly forcing anything

It's enforcing a #Core process / service that's completely unnecessary for some XC5 storeowners. That's the point.

It's just as easy to add a module if you need it or not add a module if you don't. That's currently still one of the attractions of XC5 i.e. controllable customisation.
Some previous #Core changes / improvements have been either superfluous to many or caused big issues elsewhere within XC5. As you know! :wink:
Quote:

Originally Posted by kevinrm
I'm beginning to wonder why you resist these simple things...

:mrgreen: Feel free to wonder, but in this case, it's not a simple change. That's why. If you dig deeper into GDPR even at it's current status, then this will become pretty clear...

xim 04-06-2018 12:21 AM

Re: Gdpr - upcoming law for European merchants
 
In 2-3 weeks we are going to release GDPR-friendly add-ons for xc5.3.5.x and xc4.7.x branches.

And yes, it is not about a simple checkbox on the site. You need to change all your business process to make it compliant GDPR. However, our addon will help merchants to be GDPR friendly.

cflsystems 04-06-2018 04:57 AM

Re: Gdpr - upcoming law for European merchants
 
Max is this module going to be flexible or will it aim at EU stores only? Meaning - if any website/store does not need or want to accept and implement these rules can they still use the module but tweak info/wording/labels so to have sort of their own gdpr policy?

Basically use it more of a informative and self-aware tool for customers. I can see how some sites may want to skip the gdpr but voluntarily enforce their own rules and inform customers.

voodoo1967 04-06-2018 07:27 AM

Re: Gdpr - upcoming law for European merchants
 
Can I also add in here GDPR is much more than a tick box. A customer can ask lots of questions of you, it also deals with security, hacking, notifying the relative authorities if you have been hacked had a data breach etc.
You also need to be able to demonstrate you have taken reasonable steps to secure your data.
The impact of GDPR is going to be huge in my opinion

ITVV 04-06-2018 08:02 AM

Re: Gdpr - upcoming law for European merchants
 
This is a BIG subject and is applicable to companies WORLDWIDE that do business in EUROPE.

@cflsystems -
Quote:

if any website/store does not need or want to accept and implement these rules...
- Steve, these GDPR rules are not optional. They apply Worldwide to any company doing business in the EU.

Here is a quick read to summarise the GDPR rules: -

Yes, The GDPR Will Affect Your U.S.-Based Business

Just my 2 cents...

I'll get my coat!

Kind regards

ITVV

cflsystems 04-06-2018 05:15 PM

Re: Gdpr - upcoming law for European merchants
 
That's fine. However just because a company has online presence doesn't mean it does business with EU. if anything it is the choice of the EU customer to do business with that company.
I agree personal/financial data must be protected at all times. But at the same time it is the customer that places an order and provides the personal data voluntarily - or there will be no order. We already have the PCI-DSS rules which are very strict if you ask me. So this new one is more about the personal info.

Anyway I am not opposing it just think it is a little bit arrogant for EU to think they can dictate what businesses outside EU can or should do. Same applies to USA by the way - many examples how USA thinks they can tell everyone what to do...

Triple A Racing 04-06-2018 08:53 PM

Re: Gdpr - upcoming law for European merchants
 
Quote:

Originally Posted by cflsystems
...just because a company has online presence doesn't mean it does business with EU....

Exactly :-)
This is just 1 more reason why all XC5 storeowners should (& looking at the post from @xim will...) have freedom of choice i.e Compliance option via an XC5 add-on / module.

It's also relevant to remember, that if a company has an online presence and does do business with EU.... they may still decide not to take any notice at all of GDPR.
That's another reason why all XC5 storeowners should have freedom of choice i.e Compliance option via an XC5 add-on / module.

There appears to be an assumption by some, that truck loads of unelected EU officials will automatically arrest any non-compliant GDPR company directors / employees after previously fining them on several occasions. It's only our opinion, but we could visualise hundreds of places where that's never ever going to happen, no matter what.

kevinrm 04-06-2018 10:48 PM

Re: Gdpr - upcoming law for European merchants
 
I love how some Europeans are wagging their finger and warning us that will MUST comply with their new rules and that if we don't, we're going to be in big trouble. They assume they'll be able to fine people outside of the EU, lol. I reside in Japan, good luck with them trying to go though the court system here and get any money out of us for non-compliance - they have no jurisdiction here whatsoever. About the worst I can see them doing is holding up parcels going into the EU (out of the millions of parcels coming in daily) and in that case, we would be forced to comply I guess. They can "ask" us to comply, and we "might" comply with it, but this heavy handed BS they're trying to scare everyone with makes me less willing to comply with it. The reality is if we don't comply with it there isn't a thing they can do about it.

kevfromwiganinlancashire 04-09-2018 07:18 AM

Re: Gdpr - upcoming law for European merchants
 
Quote:

Originally Posted by xim


reposting

I don't know what the problem is, just follow this link and the majority if not all will find there is NOTHING to fear.

https://ico.org.uk/for-organisations...lf-assessment/

ITVV 04-09-2018 07:35 AM

Re: Gdpr - upcoming law for European merchants
 
@kevfromwiganinlancashire

That is an old, out of date service / requirement.

GDPR is the new kid on the block!

Kind regards

ITVV

chamberinternet 04-09-2018 07:43 AM

Re: Gdpr - upcoming law for European merchants
 
Also worth noting that GDPR was introduced from April 2016, so we've had a two year transition period to get compliant - so it's not a recent introduction.

Bottom Line - These rules are here to protect us as individuals so that we don't get bombarded with spam.

Any Non-EU site that doesn't want to comply can just disbale the list of EU countries from the their store so it prevents them from placing orders.... simple.

kevinrm 04-09-2018 08:06 AM

Re: Gdpr - upcoming law for European merchants
 
We don't have to comply and we can still accept orders from the EU, that's the point. I am not European, I don't live in Europe, if European customers find me online and wish to purchase from me that's on them, I am not beholden to the EU. They cannot enforce this. No, I doubt they can cross borders and impose fines on non Europeans in other countries, it's a scare tactic. About the only thing they might be able to do is prevent non-compliant companies from shipping into their countries, good luck on that. I'm calling the bluff...

Triple A Racing 04-09-2018 07:31 PM

Re: Gdpr - upcoming law for European merchants
 
Quote:

Originally Posted by chamberinternet
...Bottom Line - These rules are here to protect us as individuals so that we don't get bombarded with spam...

Protect US :mrgreen: Really? Says who? George Orwell? :wink:
This is a forum. It's made for different opinions. They may and ofter do differ... :D/

voodoo1967 04-10-2018 11:41 AM

Re: Gdpr - upcoming law for European merchants
 
Quote:

Originally Posted by kevinrm
We don't have to comply and we can still accept orders from the EU, that's the point. I am not European, I don't live in Europe, if European customers find me online and wish to purchase from me that's on them, I am not beholden to the EU. They cannot enforce this. No, I doubt they can cross borders and impose fines on non Europeans in other countries, it's a scare tactic. About the only thing they might be able to do is prevent non-compliant companies from shipping into their countries, good luck on that. I'm calling the bluff...


Really ? you may find that is not the case, if you sell to EU customers - they have the weight of the EU behind them. So on a larger scale if you live in Canada, then Canada as a country agree to adhere to GDPR (as they as a country want to trade with the EU). If they are not GDPR friendly , protect scammers & criminals etc then things will become rather uncomfortable for them.

From what I understand - this is enforceable locally, so it wont be the EU taking you to court - and you wont have to attend a court case in Brussels etc - but you may find yourself in court in your own city.

I understand the issues (and agree with some of them) but in their defence the EU are standing up to scammers, fake rip off businesses, and also for their own citizens rights to privacy - which includes the right to be forgotten etc.

Now this is going to become interesting as to what the US Govt think with regards to the Patriot Act (and another US law whose name escapes me). Google in the EU in Dublin MUST conform to GDPR if they want to trade in the EU. The US Govt seems to think it has jurisdiction over Google whatever country they are trading in.

Ive been going to various GDPR meetings in the UK for some months both with the ICO Information Commissioners Officer (GDPR enforcement) and various GDPR law firms - I only go - as it is provided as free advice.

If you are in the UK and want some contacts - please PM me. It's complicated but you can make sure your boxes are ticked if you follow the processes and go through the checks / compliances etc

elmirage001 04-10-2018 03:45 PM

Re: Gdpr - upcoming law for European merchants
 
As a US business with 97% of our sales to non EU countries it's not worth our time to try to become compliant with GDPR. I've also been monitoring to see if there were any exemptions to small mom & pop businesses and have not found any.

Here is a good page to read - https://www.compliancejunction.com/gdpr-for-us-companies/

We are going to opt out of GDPR and stop selling to EU countries. Step 1 is to uncheck all EU countries and the UK. But this still allows existing EU customers to place orders. At least in 4.6.6. Step 2 is to send EU customers to my GDPR Policy page whenever they click on the cart or checkout pages.

In cart.php around line 640

After:
Code:

// Update minicart
x_load('minicart');
$smarty->assign(func_get_minicart_totals());



Add:
Code:

//  GDPR - Send EU customers to GDPR static policy page

    $gdpr = "false";
    $eu_country  = Array('AT','BE','BG','HR','CY','CZ','DK','EE','FI','FR','DE','GR','HU','IE','IT','LV','LT','LU','MT','NL','PL','PT','RO','SK','SI','ES','SE','GB');
   
    foreach ($eu_country as $eu_test) {
        if (($eu_test == $userinfo['s_country']) or ($eu_test == $userinfo['b_country'])) {
            $gdpr = "true";
        }   
    }
   
    if ($gdpr == "true") {
        header("Location: https://mydomain.com/gdpr-policy.html");
        exit;
    }
   
// / GDPR


As I'm no where near an expert with php in x-cart I welcome those of you who are to test & post a better solution.

Use at your own risk :-)

Paul

Triple A Racing 04-10-2018 05:39 PM

Re: Gdpr - upcoming law for European merchants
 
Meanwhile... If you're looking for GPDR leading role models, then look no further than ICANN because they will be completely ready... surely? :wink:

ITVV 04-13-2018 06:43 AM

Re: Gdpr - upcoming law for European merchants
 
Looks like Google are not opting out of GDPR 8O 8O 8O

Have a read: -

Quote:

Dear Google Analytics Administrator,

Over the past year we've shared how we are preparing to meet the requirements of the GDPR, the new data protection law coming into force on May 25, 2018. Today we are sharing more about important product changes that may impact your Google Analytics data, and other updates in preparation for the GDPR. This e-mail requires your attention and action even if your users are not based in the European Economic Area (EEA).

Product Updates
Today we introduced granular data retention controls that allow you to manage how long your user and event data is held on our servers. Starting May 25, 2018, user and event data will be retained according to these settings; Google Analytics will automatically delete user and event data that is older than the retention period you select. Note that these settings will not affect reports based on aggregated data.

Action: Please review these data retention settings and modify as needed.

Before May 25, we will also introduce a new user deletion tool that allows you to manage the deletion of all data associated with an individual user (e.g. site visitor) from your Google Analytics and/or Analytics 360 properties. This new automated tool will work based on any of the common identifiers sent to Analytics Client ID (i.e. standard Google Analytics first party cookie), User ID (if enabled), or App Instance ID (if using Google Analytics for Firebase). Details will be available on our Developers site shortly.

As always, we remain committed to providing ways to safeguard your data. Google Analytics and Analytics 360 will continue to offer a number of other features and policies around data collection, use, and retention to assist you in safeguarding your data. For example, features for customizable cookie settings, privacy controls, data sharing settings, data deletion on account termination, and IP anonymization may prove useful as you evaluate the impact of the GDPR for your company’s unique situation and Analytics implementation.

Contract And User Consent Related Updates

Contract changes
Google has been rolling out updates to our contractual terms for many products since last August, reflecting Google’s status as either data processor or data controller under the new law (see full classification of our Ads products). The new GDPR terms will supplement your current contract with Google and will come into force on May 25, 2018.

In both Google Analytics and Analytics 360, Google operates as a processor of personal data that is handled in the service.
• For Google Analytics clients based outside the EEA and all Analytics 360 customers, updated data processing terms are available for your review/acceptance in your accounts (Admin ➝ Account Settings).
• For Google Analytics clients based in the EEA, updated data processing terms have already been included in your terms.
• If you don’t contract with Google for your use of our measurement products, you should seek advice from the parties with whom you contract.

Updated EU User Consent Policy

Per our advertising features policy, both Google Analytics and Analytics 360 customers using advertising features must comply with Google’s EU User Consent Policy. Google's EU User Consent Policy is being updated to reflect new legal requirements of the GDPR. It sets out your responsibilities for making disclosures to, and obtaining consent from, end users of your sites and apps in the EEA.

Action: Even if you are not based in the EEA, please consider together with your legal department or advisors, whether your business will be in scope of the GDPR when using Google Analytics and Analytics 360 and review/accept the updated data processing terms as well as define your path for compliance with the EU User Consent Policy.

Find Out More

You can refer to privacy.google.com/businesses to learn more about Google’s data privacy policies and approach, as well as view our data processing terms.

We will continue to share further information on our plans in the coming weeks and will update relevant developer and help center documentation where necessary.

Thanks,

The Google Analytics Team

I'll get my coat...

Kind regards

ITVV

cflsystems 04-13-2018 07:37 AM

Re: Gdpr - upcoming law for European merchants
 
For companies like Google, FB, Microsoft, etc which are international companies and have offices all over the worlds is impossible to opt out of this. Google has offices in EU so at the very least their EU business has to comply.

In this essence if your site is running Google Analytics for example, which will collect visitors data regardless of if you do business with EU or not, you have to comply.
If you have FB Like or Share on the site - you have to comply.

These scripts collect visitors data just by browsing your site, or interact with the feature, so disabling EU countries so visitors cannot purchase is not enough. ( post 31 elmirage001 )

kevinrm 04-13-2018 07:41 AM

Re: Gdpr - upcoming law for European merchants
 
Google, XYZ, ABC inc, that has an actual presence in Europe will not be able to opt out because, well, they're in Europe and thus have to. I can't see Google bailing out of Europe.

A small non-Europe based internet shop that has no presence whatsoever in the EU, who's owner is not a EU citizen, and happens to have Europeans visiting their sites online and making purchases cannot be forced to comply with the laws of some foreign land just because it's rulers dictate so - it doesn't work like that.

It's possible they might coerce the payment processing systems to force their customers to comply. Kind of like how the US government forces foreign banks to turn over all tax info about it's US customers abroad. Until it gets to that point, I won't really be going out of my way to comply with this thing.

ITVV 04-13-2018 07:53 AM

Re: Gdpr - upcoming law for European merchants
 
Just for the record, I do indeed know that Google has a European presence :-) :-) :-)

I was being 'Tongue in cheek' 8O 8O 8O

My point is that this whole GDPR issue has far reaching effect.

As Steve has pointed out: -

Quote:

In this essence if your site is running Google Analytics for example, which will collect visitors data regardless of if you do business with EU or not, you have to comply.
If you have FB Like or Share on the site - you have to comply.

These scripts collect visitors data just by browsing your site, or interact with the feature, so disabling EU countries so visitors cannot purchase is not enough. ( post 31 elmirage001 )

How on earth are companies thinking that they can "opt out" just because they don't like the idea? The likes of Google and FB have you trapped into having to comply!

Just saying...

I have now got my coat and hat on...

Regards

ITVV

elmirage001 04-13-2018 07:54 AM

Re: Gdpr - upcoming law for European merchants
 
Quote:

Originally Posted by cflsystems
For companies like Google, FB, Microsoft, etc which are international companies and have offices all over the worlds is impossible to opt out of this. Google has offices in EU so at the very least their EU business has to comply.

In this essence if your site is running Google Analytics for example, which will collect visitors data regardless of if you do business with EU or not, you have to comply.
If you have FB Like or Share on the site - you have to comply.

These scripts collect visitors data just by browsing your site, or interact with the feature, so disabling EU countries so visitors cannot purchase is not enough. ( post 31 elmirage001 )


Thank you Steve for the info! I was in the process of reading the email I receive from Google. We are fortunate that we dominate our niche and don't rely on FB and haven't looked at GA in many months. We do spend time on SEMRUSH every day. :-)

cflsystems 04-13-2018 08:09 AM

Re: Gdpr - upcoming law for European merchants
 
I very much support the "close your FB account" movement :)

Keep in mind though it is not only Analytics. If you run Google AdWords and they are targeting EU, if you have FB OpenGraph on the site, or Instagram... All these are traps to collect visitors info and it has always been your responsibility to inform visitors about this.

@ITVV - don't forget to put on shoes ;)

ITVV 04-13-2018 08:11 AM

Re: Gdpr - upcoming law for European merchants
 
@cflsystems :lol: :lol: :lol:

I knew that I had forgotten something 8O

Kind regards

ITVV

voodoo1967 04-13-2018 11:14 AM

Re: Gdpr - upcoming law for European merchants
 
Quote:

Originally Posted by cflsystems
I very much support the "close your FB account" movement :)

Keep in mind though it is not only Analytics. If you run Google AdWords and they are targeting EU, if you have FB OpenGraph on the site, or Instagram... All these are traps to collect visitors info and it has always been your responsibility to inform visitors about this.

@ITVV - don't forget to put on shoes ;)


Steve you can inform visitors vis the usual cookies info and put in your Terms&Conditions etc.

Technically that FB data / Analytics data is stored on Google / FB servers, so as long as they are GDPR compliant and secure etc - then you should be ok on that front.

Ive spoken to the Information Commissioners Office in the UK and they are very friendly re GDPR, they acknowledge people may make mistakes etc - and it wil take a while to bed in. As long as you can show you have reasonable steps etc - they are more than happy to tell what you need do to get compliant - that's as far as UK businesses are concerned anyway.

What will be interesting is that the US govt think they will have jurisdiction when it comes to Google. That is - there is data on a Google server in Ireland, the US want to see that data etc - that will be an interesting outcome


All times are GMT -8. The time now is 04:47 AM.

Powered by vBulletin Version 3.5.4
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.