New GDPR Privacy Data Regulations

  • jtaylor
    replied
    Hi Martin

    Today there will be a more complete GDPR guide. Software related notes will also be available but we're asking customers to request independently to ensure we're not handing over the keys to just anyone and there's some sort of audit trail.

    If you get the regular email mailings, you'll receive this by close of business today.

    Thanks,
    Justin

  • Mantra
    replied
    Originally posted by brucet:
    We will be issuing full guidelines in the next few working days. They are in the process of being finalised right now.
    With just 21 days left before the GDPR implementation date, I am still waiting for information on how Sellerdeck products will not be a barrier to achieving compliance.

    Our Sellerdeck site is already established on an SSL server. Considering the guidelines concerning GDPR that Sellerdeck published back in January, I have spent many hours assessing the impact/risk of the data we hold as a business, upgrading to Windows 10 Pro to enable BitLocker encryption of the data we hold on our back office system, and compiling a new privacy policy considering each of the Sellerdeck guideline headings as well as ICO and other guidance in turn. I have now stalled because the software I am using (Sellerdeck V16.0.3) is not configured to enable the consents required to continue collecting personal data and marketing email messaging.

    I renewed my cover contract in the expectation that this would have been properly addressed in the new V18 release but it wasn't and given the issues that have been raised with the launch of this update it is now already too risky and too late in the day for GDPR to implement a complete software upgrade.

    Will the full guidelines address the barrier to compliance that I have identified above and if so when will a fix be issued to enable the consents required?

    When can this be expected?

    Martin Nichols
    Mantra Audio

  • graphicz
    replied
    Will that be for all SD customers or just the favoured few?

  • brucet
    replied
    We will be issuing full guidelines in the next few working days. They are in the process of being finalised right now.

  • TJWM
    replied
    Can anyone advise if there are any templates geared up to Sellerdeck regarding our back office procedures and risks? I am aware of the posts above starting to cover this.

    Would be ideal if Sellerdeck could produce something that covers at least the software.

  • JimboS
    replied
    If it helps this is an extract from my conversation with the ICO:
    ====
    [10:43 AM] ico_craigm: What is a ‘soft opt-in’?

    The term ‘soft opt-in’ is sometimes used to describe the rule about existing customers. The idea is that if an individual bought something from you recently, gave you their details, and did not opt out of marketing messages, they are probably happy to receive marketing from you about similar products or services even if they haven’t specifically consented. However, you must have given them a clear chance to opt out – both when you first collected their details, and in every message you send.

    The soft opt-in rule means you may be able to email or text your own customers, but it does not apply to prospective customers or new contacts (eg from bought-in lists). It also does not apply to non-commercial promotions (eg charity fundraising or political campaigning).
    ….
    [10:54 AM] ico_craigm: You can't have a pre-ticked box.
    [10:54 AM] James Sutton: But we could have an unticked box then that says 'if you DO NOT wish to receive our emails, please TICK this box'?
    [10:55 AM] ico_craigm: Correct
    ====

    And confirmed by an 'expert' in the field:

    If your customers are B2C (includes sole traders, individuals and partnerships) then you do need to adhere to PECR for the purposes of electronic marketing (see attached doc for an overview), and in this case where they have had or currently are buying products from you, then you can apply the soft opt-in. You would then rely upon 'Legitimate Interest' under GDPR for the processing of the contact details.
    I suppose it all depends if you are happy with using 'legitimate interest' to market to an existing customer or if you want to use 'explicit consent'.

    James

  • Mantra
    replied
    Originally posted by JimboS:
    Just want to clarify one thing from the publication about eCommerce Marketing to existing customers.

    This has nothing to do with GDPR but is covered by PECR.

    According to a conversation I have had with the ICO, you are still allowed to soft opt-in customers (on the assumption they will want to hear from you); they just have to be given the chance to opt out if they want to.

    So a message saying we are signing you up unless you opt out by ticking this box is fine, for a customer.
    Sellerdeck/DPO please clarify/confirm the above as it impacts on the wording and form of opt-out option required.

    Martin

  • graphicz
    replied
    Presta Shop have made their White Book on GDPR free to all: https://www.prestashop.com/en/guides/gdpr-whitepaper

    It is a shame that SD are having such a blatant scramble towards income generation often at the expense of long standing customers and developers/partners (whatever they call us).

    IMHO they owe a debt of loyalty to the huge raft of existing customers.

    That's me off the Christmas card list - again!

  • Mike Hughes
    replied
    Hi Martin,

    Originally posted by Mantra:
    Mike

    The only change I am suggesting is that personal name and address data, excluding email addresses, is categorised down to C2 and that randomised encrypted anonymity data is categorised down to C1.
    That makes sense to me. It expands the scale and differentiates between names and addresses, which are typically publicly available, and email addresses which tend to be a bit more sensitive and more open to abuse if revealed.

    Mike

  • Mantra
    replied
    Originally posted by Mike Hughes:
    I wrote this post a few days ago but for some reason the forum won't let me post it. I'm going to try it in bits and see if I can do it this way. --> I've made it eventually.

    I've spent a little time considering the various opportunities for customers data to be accessed and what kind of measures might be appropriate to mitigate them. I'm sure the list isn't complete so please feel free to add, comment, disagree as you like. It would be good if we could come up with a list of risks and measures that covers most of the bases.
    If we can agree a suitable list of hazards then it shouldn't be too hard to come up with a reasonable assessment of the Likelihood of occurrence for various approaches to mitigation.
    Mike

    I copied the text from your 4 posts into a word file and made some minor changes in red text.

    Overall I believe you have made a very good first attempt at assessing the impacts of consequence/severity on the data side of things and the levels of protection/mitigation.

    The only change I am suggesting is that personal name and address data, excluding email addresses, is categorised down to C2 and that randomised encrypted anonymity data is categorised down to C1.

    I believe GDPR applies to data generally not just that which is stored electronically, so storage of paper records may also need to be considered and addressed.

    I have used this as a basis to produce the working draft risk assessment complete with the edited version of your posts as a first attempt at a risk assessment that could be used, amended, added to by others to suit their own business operations.

    We are not set up to enable customer registration/logins and do not use third party carriers or order tracking, so these aspects are not included but will need to be considered by those businesses that do.

    Regards

    Martin
    Mantra Audio
    Attached Files

  • JimboS
    replied
    Just want to clarify one thing from the publication about eCommerce Marketing to existing customers.

    This has nothing to do with GDPR but is covered by PECR.

    According to a conversation I have had with the ICO, you are still allowed to soft opt-in customers (on the assumption they will want to hear from you); they just have to be given the chance to opt out if they want to.

    So a message saying we are signing you up unless you opt out by ticking this box is fine, for a customer.

    It is not okay though for prospects, e.g. enter our competition and you will be signed up unless you tick here.

    James

  • Buzby
    replied
    Originally posted by Mantra:
    This is very disappointing for those of us that have recently renewed our cover contracts and will not be updated and given access to further information that, according to the White Paper taster, will be provided to Sellerdeck Desktop 365 Plus customers.

    Martin Nichols
    Mantra Audio
    I have just cancelled my cover, and this was one of the deciding factors. The start of a two-tier support structure. For my £1260 a year, I want to feel supported, and not cheated!

    Imagine the AA saying they will recover your car a week Thursday, unless you have car insurance with them in which case it will be an hour.

    I signed up to support, not a cut down version of it, with a 25% increase.

  • John Ennals
    replied
    Sellerdeck have stated that v18.0.1 is to be released shortly with additional GDPR-related features.

    John

  • Mantra
    replied
    Originally posted by John Ennals:
    The final piece in the jigsaw will be to upgrade to Sellerdeck 2018 to provide TLS emails and secure FTP. The cost of renewing the SD Cover contract to get this upgrade has been far and away the most expensive aspect of the exercise, and I think it may have been unnecessary as Article 32 says that cost may be taken into account alongside the level of risk when implementing technical solutions. Oh well...
    There is a complimentary taster of Sellerdeck's GDPR White Paper that can be downloaded from Sellerdeck 2018 microsite https://2018.sellerdeck.co.uk/gdpr-w...per-taster.php.

    This includes a list of actions you should take to comply with GDPR and some interesting commentary on the valid legal basis for marketing concerning "Consent" and "Legitimate Interest".

    The view taken is that, provided an appropriate process is gone through which can justify Legitimate Interest, then this basis can be used for marketing similar products to people who are customers.

    However, remember that an opt-out option must still always be provided, and we (Sellerdeck) will be supplying more information on how to go about this to Sellerdeck Desktop 365 Plus customers.

    It goes on to say that Sellerdeck will be making available a Full White Paper to Sellerdeck Desktop 365 Plus customers providing further information on the above points, to help understand the regulation and assist in becoming compliant.

    Reading this, it seems to me that a critical GDPR requirement, the marketing opt-out option, has not been addressed for the Sellerdeck 2018 release.

    This is very disappointing for those of us that have recently renewed our cover contracts and will not be updated and given access to further information that, according to the White Paper taster, will be provided to Sellerdeck Desktop 365 Plus customers.

    Martin Nichols
    Mantra Audio

  • John Ennals
    replied
    Mike,

    Thank you for sharing the work you've done on this. It sounds like a perfectly sensible basis for a risk assessment, and I'm doing mine tomorrow (as rain is forecast).

    I've found that the GDPR has really made me think about how I process personal data, and most of the changes I've made have been to do with handling paper records and purging old data once there's no legal basis for keeping it.

    The final piece in the jigsaw will be to upgrade to Sellerdeck 2018 to provide TLS emails and secure FTP. The cost of renewing the SD Cover contract to get this upgrade has been far and away the most expensive aspect of the exercise, and I think it may have been unnecessary as Article 32 says that cost may be taken into account alongside the level of risk when implementing technical solutions. Oh well...

    John
