Announcement

Collapse
No announcement yet.

The GDPR

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    #46
    Using the 'Terms and Conditions agreed RWD' layout to get express consent.

    Using the 'Terms and Conditions agreed RWD' layout to get express consent.

    Forum is throwing script errors again so please read this text file - thank you.

    https://www.webeg.net/gdpr-06.txt
    Jonathan Chappell
    Website Designer
    SellerDeck Website Designer
    Actinic to SellerDeck upgrades
    Graphicz Limited - www.graphicz.co.uk

    Comment


      #47
      Helpful Notes on GDPR

      Here is a very helpful document about GDPR from Heart Internet - again released to all, not just to a limited group of subscribers.

      https://www.heartinternet.uk/blog/a-...do-to-prepare/

      Further Link

      https://www.heartinternet.uk/blog/a-...Newsletter+3+A
      Jonathan Chappell
      Website Designer
      SellerDeck Website Designer
      Actinic to SellerDeck upgrades
      Graphicz Limited - www.graphicz.co.uk

      Comment


        #48
        I am considering using the "invoicePrivacy" part of your suggested coding changes as a Legitimate Interest soft opt-in option to recieve emails - so that customers have to check this to opt out which is similar to existing invoicePrivacy.
        Having quickly read through the Heart Internet GDPR blog paper, it appears that a soft opt-in option should not be an option to receive email communications and that an informed consent checkbox tick will be required after all.
        Martin
        Martin
        Mantra Audio

        Comment


          #49
          You can use a soft opt-in for customers if you use Legitimate Interest as the basis for contacting them (as we would recommend). But you must give the opportunity to opt out. See eg https://ico.org.uk/for-organisations...ail-marketing/ which is the definitive interpretation for the UK.

          What you cannot do is have an 'opt in' check box that is pre-ticked. If it's an 'opt in' box, then the subject must make an affirmative action to check it.

          Either way, you must make clear what they are opting into. And you must not send them anything beyond the bounds of it.
          Bruce Townsend
          Ecommerce Product Manager
          Sellerdeck Ecommerce Solutions

          Comment


            #50
            I am waiting for this prior to making my site legal for the 25th.

            Is it worth the wait?
            Regards

            Jason

            Titan Jewellery (Swift Design)
            Damascus Steel Rings

            Comment


              #51
              I've just received it but my copy was 4 pages in total!!
              Elysium:Online - Official Accredited SellerDeck Partner
              SellerDeck Design, Build, Hosting & Promotion
              Based in rural Northants

              Comment


                #52
                The PDF suggests an htaccess file to prevent download of *.fil, *.session, *.authorise, *.mail

                I have put an htaccess on a test instance of SD containing this:

                Code:
                <FilesMatch " *.fil, *.session, *.authorise, *.mail">
                    Order Allow,Deny
                    Deny from All
                </FilesMatch>
                and the site still seems to work. It is http://www.graphicz.solutions/gdpr/ and I put the htaccess in the acatalog directory. If you put http://www.graphicz.solutions/gdpr/a...oldaddress.fil for example in the browser address bar you now get a 404
                Jonathan Chappell
                Website Designer
                SellerDeck Website Designer
                Actinic to SellerDeck upgrades
                Graphicz Limited - www.graphicz.co.uk

                Comment


                  #53
                  Jonathan, thank you for providing the code above. I was just about to implement it but I thought I would first check a couple of *.fil and *.session files beforehand. My 404 error page loaded straight away, which I thought was odd because I haven't yet uploaded any kind of .htaccess file to my /acatalog/ folder so in theory there should be no file-blocking going on as yet.

                  Would anybody know why this is happening please? I definitely typed the URLs/file names correctly (eg, https://www.mysite.com/acatalog/oldaddress.fil).

                  Comment


                    #54
                    Laura, I tried this also on my site for //oldaddress.fil and this returned an access forbidden message. I tried again using //newaddress.fil and this returned a file not found on this server message.
                    There is no htaccess file in the catalog directory for my site.
                    I could not find any *.session files on my site so could not try this.
                    In view of the above, I can only assume that the necessary security protection is established on the server side maybe as a requirement for SSL certification.
                    Martin
                    Mantra Audio
                    Martin
                    Mantra Audio

                    Comment


                      #55
                      It maybe that the server is already blocking, I think the htaccess thing was if the server wasn't. I really wanted to see if adding the htaccess entry would stop AD working (by blocking the files) but it didn't. Unless I have got it all completely wrong!

                      Best wishes

                      Jonathan
                      Jonathan Chappell
                      Website Designer
                      SellerDeck Website Designer
                      Actinic to SellerDeck upgrades
                      Graphicz Limited - www.graphicz.co.uk

                      Comment


                        #56
                        Originally posted by Buzby View Post
                        I am waiting for this prior to making my site legal for the 25th.

                        Is it worth the wait?
                        On balance I believe Yes.
                        The hardest part for me was to compile a new privacy policy to address the requirements of GDPR consulting the regulations, published guidance etc. and completing an impact risk assessment for my particular business possibly in the wrong order but it came good in the end.
                        The control/mitigation measures required that I identified in the risk assessment for my business have been considered in the recommendations so far as SD Desktop applications are concerned together with some other aspects that I had not considered.
                        I have completed and uploaded the changes today as I cannot wait until 25 May to do this due to other commitments.

                        Martin
                        Mantra Audio
                        Martin
                        Mantra Audio

                        Comment


                          #57
                          Originally posted by Mantra View Post
                          Laura, I tried this also on my site for //oldaddress.fil and this returned an access forbidden message. I tried again using //newaddress.fil and this returned a file not found on this server message.
                          There is no htaccess file in the catalog directory for my site.
                          I could not find any *.session files on my site so could not try this.
                          In view of the above, I can only assume that the necessary security protection is established on the server side maybe as a requirement for SSL certification.
                          Martin
                          Mantra Audio
                          Thanks, Martin. Ahh, you've just made me realise something - I have the same page for 404 and 403 so I was assuming they were all just coming up as 404 errors.
                          I just edited the 403 page slightly and I can now see what you can - /oldaddress.fil is causing a 'forbidden' 403 page, whilst any page that doesn't exist causes a 'not found' 404 page. My session files also cause a 'forbidden' 403 page.

                          On a related note though, I can still view my 'error.err' file and I can't see why I would want anyone viewing that. So I just altered Jonathan's code slightly to just reference '.err' files, and it has now blocked access to my 'error.err' file with a 'forbidden' 403 page. So good stuff, Jonathan! Thank you for sharing.

                          Comment


                            #58
                            Originally posted by graphicz View Post
                            It maybe that the server is already blocking, I think the htaccess thing was if the server wasn't. I really wanted to see if adding the htaccess entry would stop AD working (by blocking the files) but it didn't. Unless I have got it all completely wrong!

                            Best wishes

                            Jonathan
                            I think it must be, Jonathan. However, your code has helped me with something else (see above) so thank you

                            Comment


                              #59
                              If you block access to error.err file using htaccess does that stop you from viewing error.err from within SellerDeck?
                              Elysium:Online - Official Accredited SellerDeck Partner
                              SellerDeck Design, Build, Hosting & Promotion
                              Based in rural Northants

                              Comment


                                #60
                                Originally posted by Goz View Post
                                If you block access to error.err file using htaccess does that stop you from viewing error.err from within SellerDeck?
                                Andrew, I just checked and yes, it does block it. I've never viewed 'error.err' from within SD though, I always access it via FTP.

                                Comment

                                Working...
                                X