Announcement

**graphicz** · 03-May-2018, 12:53 PM

Using the 'Terms and Conditions agreed RWD' layout to get express consent.

Using the 'Terms and Conditions agreed RWD' layout to get express consent.

Forum is throwing script errors again so please read this text file - thank you.

https://www.webeg.net/gdpr-06.txt

**graphicz** · 03-May-2018, 03:17 PM

Helpful Notes on GDPR

Here is a very helpful document about GDPR from Heart Internet - again released to all, not just to a limited group of subscribers.

https://www.heartinternet.uk/blog/a-...do-to-prepare/

Further Link

https://www.heartinternet.uk/blog/a-...Newsletter+3+A

**Mantra** · 03-May-2018, 04:57 PM

I am considering using the "invoicePrivacy" part of your suggested coding changes as a Legitimate Interest soft opt-in option to recieve emails - so that customers have to check this to opt out which is similar to existing invoicePrivacy.

Having quickly read through the Heart Internet GDPR blog paper, it appears that a soft opt-in option should not be an option to receive email communications and that an informed consent checkbox tick will be required after all.
Martin

**brucet** · 04-May-2018, 04:54 PM

You can use a soft opt-in for customers if you use Legitimate Interest as the basis for contacting them (as we would recommend). But you must give the opportunity to opt out. See eg https://ico.org.uk/for-organisations...ail-marketing/ which is the definitive interpretation for the UK.

What you cannot do is have an 'opt in' check box that is pre-ticked. If it's an 'opt in' box, then the subject must make an affirmative action to check it.

Either way, you must make clear what they are opting into. And you must not send them anything beyond the bounds of it.

**Buzby** · 09-May-2018, 11:31 AM

I am waiting for this prior to making my site legal for the 25th.

Is it worth the wait?

**Goz** · 09-May-2018, 01:00 PM

I've just received it but my copy was 4 pages in total!!

**graphicz** · 09-May-2018, 02:09 PM

The PDF suggests an htaccess file to prevent download of *.fil, *.session, *.authorise, *.mail

I have put an htaccess on a test instance of SD containing this:

Code:

<FilesMatch " *.fil, *.session, *.authorise, *.mail">
    Order Allow,Deny
    Deny from All
</FilesMatch>

and the site still seems to work. It is http://www.graphicz.solutions/gdpr/ and I put the htaccess in the acatalog directory. If you put http://www.graphicz.solutions/gdpr/a...oldaddress.fil for example in the browser address bar you now get a 404

**MrsBee** · 09-May-2018, 06:03 PM

Jonathan, thank you for providing the code above. I was just about to implement it but I thought I would first check a couple of *.fil and *.session files beforehand. My 404 error page loaded straight away, which I thought was odd because I haven't yet uploaded any kind of .htaccess file to my /acatalog/ folder so in theory there should be no file-blocking going on as yet.

Would anybody know why this is happening please? I definitely typed the URLs/file names correctly (eg, https://www.mysite.com/acatalog/oldaddress.fil).

**Mantra** · 10-May-2018, 06:23 AM

Laura, I tried this also on my site for //oldaddress.fil and this returned an access forbidden message. I tried again using //newaddress.fil and this returned a file not found on this server message.
There is no htaccess file in the catalog directory for my site.
I could not find any *.session files on my site so could not try this.
In view of the above, I can only assume that the necessary security protection is established on the server side maybe as a requirement for SSL certification.
Martin
Mantra Audio

**graphicz** · 10-May-2018, 06:31 AM

It maybe that the server is already blocking, I think the htaccess thing was if the server wasn't. I really wanted to see if adding the htaccess entry would stop AD working (by blocking the files) but it didn't. Unless I have got it all completely wrong!

Best wishes

Jonathan

**Mantra** · 10-May-2018, 06:54 AM

Originally posted by Buzby View Post

I am waiting for this prior to making my site legal for the 25th.

Is it worth the wait?

On balance I believe Yes.
The hardest part for me was to compile a new privacy policy to address the requirements of GDPR consulting the regulations, published guidance etc. and completing an impact risk assessment for my particular business possibly in the wrong order but it came good in the end.
The control/mitigation measures required that I identified in the risk assessment for my business have been considered in the recommendations so far as SD Desktop applications are concerned together with some other aspects that I had not considered.
I have completed and uploaded the changes today as I cannot wait until 25 May to do this due to other commitments.

Martin
Mantra Audio

**MrsBee** · 10-May-2018, 08:44 AM

Originally posted by Mantra View Post

Laura, I tried this also on my site for //oldaddress.fil and this returned an access forbidden message. I tried again using //newaddress.fil and this returned a file not found on this server message.
There is no htaccess file in the catalog directory for my site.
I could not find any *.session files on my site so could not try this.
In view of the above, I can only assume that the necessary security protection is established on the server side maybe as a requirement for SSL certification.
Martin
Mantra Audio

Thanks, Martin. Ahh, you've just made me realise something - I have the same page for 404 and 403 so I was assuming they were all just coming up as 404 errors.
I just edited the 403 page slightly and I can now see what you can - /oldaddress.fil is causing a 'forbidden' 403 page, whilst any page that doesn't exist causes a 'not found' 404 page. My session files also cause a 'forbidden' 403 page.

On a related note though, I can still view my 'error.err' file and I can't see why I would want anyone viewing that. So I just altered Jonathan's code slightly to just reference '.err' files, and it has now blocked access to my 'error.err' file with a 'forbidden' 403 page. So good stuff, Jonathan! Thank you for sharing.

**MrsBee** · 10-May-2018, 08:45 AM

Originally posted by graphicz View Post

It maybe that the server is already blocking, I think the htaccess thing was if the server wasn't. I really wanted to see if adding the htaccess entry would stop AD working (by blocking the files) but it didn't. Unless I have got it all completely wrong!

Best wishes

Jonathan

I think it must be, Jonathan. However, your code has helped me with something else (see above) so thank you

**Goz** · 10-May-2018, 02:15 PM

If you block access to error.err file using htaccess does that stop you from viewing error.err from within SellerDeck?

**MrsBee** · 10-May-2018, 02:41 PM

Originally posted by Goz View Post

If you block access to error.err file using htaccess does that stop you from viewing error.err from within SellerDeck?

Andrew, I just checked and yes, it does block it. I've never viewed 'error.err' from within SD though, I always access it via FTP.

Announcement

The GDPR

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment