Announcement

Collapse
No announcement yet.

New GDPR Privacy Data Regulations

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • graphicz
    started a topic New GDPR Privacy Data Regulations

    New GDPR Privacy Data Regulations

    There is a thread about the New GDPR Privacy Data Regulations on the wishlist section of this forum to which I have added a lot of information about GDPR and making sites compliant without needing to upgrade Sellerdeck (without warranty express or implied).

    I do not wish to duplicate but as it is a current topic you can read about it here:

    http://community.sellerdeck.com/show...t=57398&page=2

  • jtaylor
    replied
    Hi Martin

    Today there will be a more complete GDPR guide. Software related notes will also be available but we're asking customers to request independently to ensure we're not handing over the keys to just anyone and there's some sort of audit trail.

    If you get the regular email mailings, you'll receive this by close of business today.

    Thanks,
    Justin

    Leave a comment:


  • Mantra
    replied
    Originally posted by brucet View Post
    We will be issuing full guidelines in the next few working days. They are in the process of being finalised right now.
    With just 21 days left before GDPR implementation date and still waiting for information on how Sellerdeck products will not be a barrier to achieving compliance.

    Our Sellerdeck site is already established on an SSL server and considering the Guidelines concerning GDPR that Sellerdeck published back in January, I have spent many hours assessing the impact/risk of the data we hold as a business, upgrading to Windows 10 Pro to enable bitlocker encryption of the data we hold on our back office system, compiled a new privacy policy considering each of the Sellerdeck guideline headings as well as ICO and other guidance in turn and have now stalled because the software I am using (Sellerdeck V16.0.3) is not configured to enable the consents required to continue collecting personal data and marketing email messaging.

    I renewed my cover contract in the expectation that this would have been properly addressed in the new V18 release but it wasn't and given the issues that have been raised with the launch of this update it is now already too risky and too late in the day for GDPR to implement a complete software upgrade.

    Will the full guidelines address the barrier to compliance that I have identified above and if so when will a fix be issued to enable the consents required?

    When can this be expected?

    Martin Nichols
    Mantra Audio

    Leave a comment:


  • graphicz
    replied
    Will that be for all SD customers or just the favoured few?

    Leave a comment:


  • brucet
    replied
    We will be issuing full guidelines in the next few working days. They are in the process of being finalised right now.

    Leave a comment:


  • TJWM
    replied
    Can anyone advise if there any templates geared up to Sellerdeck regarding our back office procedures and risks? i am aware of the posts above starting to cover this.

    Would be ideal if Sellerdeck could produce something that covers at least the software.

    Leave a comment:


  • JimboS
    replied
    If it helps this is an extract from my conversation with the ICO:
    ====
    [10:43 AM] ico_craigm: What is a ‘soft opt-in’?

    The term ‘soft opt-in’ is sometimes used to describe the rule about existing customers. The idea is that if an individual bought something from you recently, gave you their details, and did n ot opt out of marketing messages, they are probably happy to receive marketing from you about similar products or services even if they haven’t specifically consented. However, you must have given them a clear chance to opt out – both when you first collected their details, and in every message you send.

    The soft opt-in rule means you may be able to email or text your own customers, but it does not apply to prospective customers or new contacts (eg from bought-in lists). It also does not apply to non-commercial promotions (eg charity fundraising or political campaigning).
    ….
    [10:54 AM] ico_craigm: You cant have a pre ticked box.
    [10:54 AM] James Sutton: But we coudl have an unticked box then that says 'if you DO NOT wish to receive our emails, please TICK this box'?
    [10:55 AM] ico_craigm: Correct
    ====

    And confirmed by an 'expert' in the field:

    If your customers are B2C (includes sole traders, individuals and partnerships) then you do need to adhere to PECR for the purposes of electronic marketing (see attached doc for an overview), and in this case where they have had or currently are buying products from you, then you can apply the soft opt-in. You would then rely upon 'Legitimate Interest' under GDPR for the processing of the contact details.
    I suppose it all depends if you are happy with using 'legitimate interest' to market to an existing customer or if you want to use 'explicit consent'.

    James

    Leave a comment:


  • Mantra
    replied
    Originally posted by JimboS View Post
    Just want to clarify one thing from the publication about eCommerce Marketing to existing customers.

    This nothing to do with GDPR but covered by PECR.

    According to a conversation I have had with the ICO you are still allowed to soft-opt in customer in (on the assumption they will want to hear form you) they just have to be given the chance to opt out if they want to.

    So a message saying we are signing you up unless you opt out by ticking this box is fine, for a customer.
    Sellerdeck/DPO please clarify/confirm the above as it impacts on the wording and form of opt-out option required.

    Martin

    Leave a comment:


  • graphicz
    replied
    Presta Shop have made their White Book on GDPR free to all: https://www.prestashop.com/en/guides/gdpr-whitepaper

    It is a shame that SD are having such a blatant scramble towards income generation often at the expense of long standing customers and developers/partners (whatever they call us).

    IMHO they owe a debt of loyalty to the huge raft of existing customers.

    That's me off the Christmas card list - again!

    Leave a comment:


  • Mike Hughes
    replied
    Hi Martin,

    Originally posted by Mantra View Post
    Mike

    The only change I am suggesting is that personal name, address data excluding email addresses are categorised down to C2 and that randomised encrypted anominity data is categorised down to C1.
    That makes sense to me. It expands the scale and differentiates between names and addresses, which are typically publicly available, and email addresses which tend to be a bit more sensitive and more open to abuse if revealed.

    Mike

    Leave a comment:


  • Mantra
    replied
    Originally posted by Mike Hughes View Post
    I wrote this post a few days ago but for some reason the forum won't let me post it. I'm going to try it in bits and see if I can do it this way. --> I've made it eventually.

    I've spent a little time considering the various opportunities for customers data to be accessed and what kind of measures might be appropriate to mitigate them. I'm sure the list isn't complete so please feel free to add, comment, disagree as you like. It would be good if we could come up with a list of risks and measures that covers most of the bases.
    If we can agree a suitable list of hazards then it shouldn't be too hard to come up with a reasonable assessment of the Likelihood of occurrence for various approaches to mitigation.
    Mike

    I copied the text from your 4 posts into a word file and made some minor changes in red text.

    Overall I believe you have made a very good first attempt at assessing the impacts of consequence/severity on the data side of things and the levels of protection/mitigation.

    The only change I am suggesting is that personal name, address data excluding email addresses are categorised down to C2 and that randomised encrypted anominity data is categorised down to C1.

    I believe GDPR applies to data generally not just that which is stored electronically, so storage of paper records may also need to be considered and addressed.

    I have used this as a basis to produce the working draft risk assessment complete with the edited version of your posts as a first attempt at a risk assessment that could be used, amended, added to by others to suit their own business operations.

    We are not set up to enable customer registration/logins and do not use third party carriers or order tracking, so these aspects are not included but will need to be considered by those businesses that do.

    Regards

    Martin
    Mantra Audio
    Attached Files

    Leave a comment:


  • JimboS
    replied
    Just want to clarify one thing from the publication about eCommerce Marketing to existing customers.

    This nothing to do with GDPR but covered by PECR.

    According to a conversation I have had with the ICO you are still allowed to soft-opt in customer in (on the assumption they will want to hear form you) they just have to be given the chance to opt out if they want to.

    So a message saying we are signing you up unless you opt out by ticking this box is fine, for a customer.

    It is not okay though for a prospects e.g. enter out competition and you will be signed-up unless you tick here.

    James

    Leave a comment:


  • Buzby
    replied
    Originally posted by Mantra View Post
    This is very dissappointing for those of us that have recently renewed our cover contracts and will not be updated and given access to further information, that according to the White Paper taster, will be provided to Sellerdeck Desktop 365 Plus customers.

    Martin Nichols
    Mantra Audio
    I have just cancelled my cover, and this was one of the deciding factors. The start of a two tier support structure. For my £1260 a year, I want to feel supported, and not cheated!

    Imagine the AA saying they will recover your car a week Thursday, unless you have car insurance with them in which case it will be an hour.

    I signed up to support, not a cut down version of it, with a 25% increase.

    Leave a comment:


  • John Ennals
    replied
    Sellerdeck have stated that v18.0.1 is to be released shortly with additional GDPR-related features.

    John

    Leave a comment:


  • Mantra
    replied
    Originally posted by John Ennals View Post
    The final piece in the jigsaw will be to upgrade to Selledeck 2018 to provide TLS emails and secure FTP. The cost of renewing the SD Cover contract to get this upgrade has been far and away the most expensive aspect of the exercise, and I think it may have been unnecessary as Article 32 says that cost may be taken into account alongside the level of risk when implementing technical solutions. Oh well...
    There is a complimentary taster of Sellerdeck's GDPR White Paper that can be downloaded from Sellerdeck 2018 microsite https://2018.sellerdeck.co.uk/gdpr-w...per-taster.php.

    This includes a list of actions you should take to comply with GDPR and some interesting commentary on the valid legal basis for marketing concerning "Consent" and "Legitimate Interest".

    The view taken is that, provided an appropriate process is gone through which can justify Legitimate Interest, then this basis can be used for marketing similar products to people who are customers.

    However, remember that an opt-out option must still always be provided, and we (Sellerdeck) will be supplying more information on how to go about this to Sellerdeck Desktop 365 Plus customers.

    It goes on to say that Sellerdeck will be making available a Full White Paper to Sellerdeck Desktop 365 Plus customers providing further information on the above points, to help understand the regulation and assist in becoming compliant.

    Reading this it seems to me that a critical GDPR requirement - marketing opt-out option has not been addressed for Sellerdeck 2018 release.

    This is very dissappointing for those of us that have recently renewed our cover contracts and will not be updated and given access to further information, that according to the White Paper taster, will be provided to Sellerdeck Desktop 365 Plus customers.

    Martin Nichols
    Mantra Audio

    Leave a comment:

Working...
X