    GDPR

    With the deadline looming for the implementation of GDPR there does not seem to be much information on it relating to Sellerdeck.

    Sellerdeck themselves appear to be working on the compliance but from what I have read this is only on a new version which they are going to release.

    This leaves the rest of us who do not want/can not afford to upgrade sort of out in the cold.

    Does anyone else share my concern about this or is there a simple solution and I am worrying unnecessarily?
    Scottish Gifts 4U - quality gifts from Scotland

    #2
    Don't worry, Sellerdeck say they will release it before the deadline.

    So expect to be working through the night on May 24th.

    2 months to go and without any sort of statement as to what is happening I feel is very poor.
    Regards

    Jason

    Titan Jewellery (Swift Design)
    Damascus Steel Rings



      #3
      From what I have been told it will only be available on V18.



        #4
        And this is what is unacceptable, 2 months to go and no one has any idea what is happening, and how they can be ready.

        I run 4 sites on 2014 and 2016, so is it a minor upgrade on each software, or do all 4 sites have to be upgraded to 2018?

        Time is ticking Sellerdeck
        Regards

        Jason

        Titan Jewellery (Swift Design)
        Damascus Steel Rings



          #5
          I'm not sure if you are aware, but we already issued a statement here, and it has a link to a blog post with more information: https://community.sellerdeck.com/showthread.php?t=57457

          A white paper with additional help and information is in final draft and will be available very soon. Sellerdeck v18 will also be released shortly, with a number of enhancements designed to support GDPR. For users of currently supported versions who do not wish to upgrade, as far as possible we will provide appropriate steps to enable you to identify and mitigate any risks.

          So we are taking active steps to ensure that our software is not a barrier to GDPR compliance. However please note - we cannot make you compliant, nor can we provide comprehensive advice on how to comply. GDPR touches all of your business processes. Each business is individual, and each is responsible for its own compliance. So please don't wait for us - only you can establish what the new regulation means for your own business, and it's most important that you do.
          Bruce Townsend
          Ecommerce Product Manager
          Sellerdeck Ecommerce Solutions



            #6
            Hi Bruce,

            Yes I was aware of that, however it doesn't mention what versions will be covered, so as I say 2 months to go and I do not know if my sites will be supported.

            Also no mention of timescale, too close and people won't have time to implement. How about designers who will have a mad rush?

            Can you confirm which versions will be covered? You know, so please let us know so we can make plans.

            I am aware that we need to do more to be compliant, but how do we do that when we don't know what the website will, and will not, do? It is like writing a user manual for a product you've never seen.

            I pay £1000 a year to be, not informed and kept up to date.
            Regards

            Jason

            Titan Jewellery (Swift Design)
            Damascus Steel Rings



              #7
              Originally posted by brucet
              So we are taking active steps to ensure that our software is not a barrier to GDPR compliance.
              I understand the MS Access database in Sellerdeck 2018 will not be encrypted, which I suggest is a fairly significant barrier. In this respect SD 2018 will not be inherently GDPR compliant, and will need to be installed on an encrypted hard drive in order to make it so.

              John
              John Ennals
              www.tortoys.co.uk



                #8
                Originally posted by brucet
                Sellerdeck v18 will also be released shortly, with a number of enhancements designed to support GDPR. For users of currently supported versions who do not wish to upgrade, as far as possible we will provide appropriate steps to enable you to identify and mitigate any risks.
                I downloaded v18 BETA and noted that there does not appear to be any change to the Business Settings | Terms and Conditions | Privacy Policy template nor any mention of enhancements designed to support GDPR in the Release Notes. Please can you provide some more information on what these enhancements are likely to incorporate so that users can be prepared in advance?

                Originally posted by brucet
                So we are taking active steps to ensure that our software is not a barrier to GDPR compliance. However please note - we cannot make you compliant, nor can we provide comprehensive advice on how to comply. GDPR touches all of your business processes. Each business is individual, and each is responsible for its own compliance. So please don't wait for us - only you can establish what the new regulation means for your own business, and it's most important that you do.
                My reading of this is that each business must consider its own responsibilities for compliance according to the requirements that impact on the data it collects, stores and processes and this seems a reasonable expectation.

                The first step then would be for each business to identify the requirements and formulate a policy statement that addresses each of the requirements in turn. The question then is how would this Policy Statement with any associated consents needed be integrated into the SellerDeck software? Please advise how the new version of the software will address this requirement so that businesses can take this into account in the formulation of the GDPR Policy Statement. For the time being I feel that Business Settings | Terms and Conditions | Privacy Policy could be expanded and used for this purpose.

                Martin Nichols
                Mantra Audio
                Last edited by Mantra; 26-Mar-2018, 04:03 PM. Reason: typo + extra words
                Martin
                Mantra Audio



                  #9
                  Just had an email from SD.

                  They are producing a white paper but only available for Sellerdeck Desktop 365 Plus customers.

                  Way to alienate your customers who don't want to take a lower standard product for more money!



                    #10
                    Yes, it also says this on the Sellerdeck 2018 microsite.

                    I was contacted on 22nd March by a Sellerdeck employee (I'll refrain from naming him here) to ask whether I had received notification of the price increases. I told him I had, and I asked him whether the GDPR white paper would be available to those of us with Sellerdeck Cover as well as Sellerdeck 365 customers. He said it would.

                    However, in the same conversation I asked whether the Access database in Sellerdeck 2018 was going to be encrypted and he confirmed it would be. As this is not true, I am not particularly hopeful about receiving the white paper either.

                    Incidentally, on 13th March Sellerdeck sent me an email saying that my Sellerdeck Cover would renew on 27/3/18 at £436.00 exc. VAT, which was a nice surprise. Needless to say on 27/3/18 they actually charged me £545.00 exc. VAT.

                    Seems fake news is everywhere these days. Wonder how long this post will stay up?

                    John
                    John Ennals
                    www.tortoys.co.uk



                      #11
                      Originally posted by John Ennals
                      Yes, it also says this on the Sellerdeck 2018 microsite.

                      I was contacted on 22nd March by a Sellerdeck employee (I'll refrain from naming him here) to ask whether I had received notification of the price increases. I told him I had, and I asked him whether the GDPR white paper would be available to those of us with Sellerdeck Cover as well as Sellerdeck 365 customers. He said it would.

                      However, in the same conversation I asked whether the Access database in Sellerdeck 2018 was going to be encrypted and he confirmed it would be. As this is not true, I am not particularly hopeful about receiving the white paper either.

                      Incidentally, on 13th March Sellerdeck sent me an email saying that my Sellerdeck Cover would renew on 27/3/18 at £436.00 exc. VAT, which was a nice surprise. Needless to say on 27/3/18 they actually charged me £545.00 exc. VAT.

                      Seems fake news is everywhere these days. Wonder how long this post will stay up?

                      John
                      I had a very similar experience, I have 1 key and 3 users, turns out I have been only paying for support for 2 users!!

                      I also sent a snapshot over to them with a view to upgrading to V18, no reply.



                        #12
                        Originally posted by PJ ENG
                        Just had an email from SD.

                        They are producing a white paper but only available for Sellerdeck Desktop 365 Plus customers.

                        Way to alienate your customers who don't want to take a lower standard product for more money!
                        Just 7 weeks to go before compliance date and we still do not know how SellerDeck intends to enable its customers to be GDPR compliant!!!
                        Martin
                        Mantra Audio



                          #13
                          From what I can see the GDPR is actually quite a sensible regulation where the scope and extent of the requirements depends very much on the sensitivity of the personal data being collected, the risk to the rights of the person whose data it is and the costs and risks associated with implementation when assessing appropriate measures.

                          For example, here is the main clause regarding security of Data Processing:


                          Security of Data - Security of processing

                          1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk,
                          In my view, as a retailer who won't be storing particularly sensitive data, where the data being stored is not done on a major scale, where it won't be shared for processing with other companies and where the risk to the rights of the individuals concerned is relatively small then I am reasonably confident that I can take (am already taking) measures that will be compliant with the GDPR.

                          I am also confident that the data I am collecting and storing (Name, Address, Contact Details, Products Purchased, Method of Payment, etc.) has unambiguous consent for its use in fulfilling my obligations of delivery and follow up customer service and support. I'll make sure this is clearly explained in the terms and conditions and prior to purchase.

                          Marketing to my existing customer base is one area I'll have to consider to make sure I have the appropriate consent in place.

                          The only area that concerns me really is the right to be forgotten and to me there are two areas I need to look into:

                          Firstly, if a customer buys something from me, how long should I hold his/her data to satisfy customer service and accounting requirements? I quite often have customers contacting me up to three years after purchase but after that I'm not so sure. I think there might be a requirement to keep financial and accounting records for up to 7 years but whether that includes customer purchase and payment data I don't know.

                          Secondly, should a customer request for personal data to be erased / no longer consent to its use, how do I implement that? In the most simple procedure I could just overwrite the personal data in Sellerdeck. Again, I believe I am allowed to keep that data as long as there are legitimate legal grounds for retaining it so I'm not expecting a major problem here either, a simple procedure enabling the customer to make the request and for me to implement it should be fine.

                          So all in all, I'm not sure I have too much of a requirement for new stuff from Sellerdeck. The use of TLS for sending emails coming in 2018 doesn't seem necessary to me but given its low cost of implementation then it makes sense. Not a deal breaker either way for most Sellerdeck users.

                          I have to admit, I think a lot of the scare stories out there are coming from consultants wanting to chase down some nice little earners and making it seem far more draconian than it probably is for most retailers.

                          What does everyone else think? Is there anyone considering more drastic measures?
                          -----------------------------------------

                          First Tackle - Fly Fishing and Game Angling

                          -----------------------------------------



                            #14
                            I think there might be a requirement to keep financial and accounting records for up to 7 years but whether that includes customer purchase and payment data I don't know.
                            In my case I'm self-employed so HMRC requires me to retain records for at least 5 years after the tax return submission deadline. The HMRC website suggests those records should include sales invoices. Therefore my Privacy and Security policy will state that specified personal data will be collected in order to process and deliver orders, and that data will be retained for (say) 6 years to comply with HMRC rules.

                            I think you can purge old orders fairly easily from Sellerdeck by filtering by date then deleting. Looking at the database table structure I guess that would remove the customer's name, address etc. unless there also existed newer orders for that customer that hadn't been deleted. Somebody at Sellerdeck would need to confirm this.

                            John
                            John Ennals
                            www.tortoys.co.uk
