GDPR for osCommerce – part 1 – Data privacy
multimixer | work | Wednesday July 4 2018
The General Data Protection Regulation (GDPR) – Datenschutz-Grundverordnung (DSGVO) in German – is a regulation in EU law on data protection and privacy for all individuals within the European Union (read more here and here).
This post introduces a set of osCommerce modules that cover the following GDPR obligations:
1) Right of access: It gives citizens the right to access their personal data and to receive information about how this personal data is being processed. A data controller must provide, upon request, an overview of the categories of data that are being processed as well as a copy of the actual data.
2) Right to erasure: The data subject has the right to request erasure of personal data related to them.
In simple terms, the set of modules being introduced here will allow your customers to:
- see what data you have stored about them
- download that data
- edit parts of that data
- delete parts of that data
Customers are able to delete and edit anything except their orders, which you are obliged to keep for fiscal reasons.
The set of modules creates a new page called “account privacy” and a link to it on the account overview page. You can of course add more links to the account privacy page anywhere in your store.
The account privacy page displays all GDPR modules that you have installed in admin.
Each module contains one section of the customer's data stored on the website. Modules are displayed “collapsed” in order to give a better overview: displaying all data at once could be confusing for store visitors and would cause a lot of scrolling on mobile devices. The visible heading part of each module displays its title and two buttons:
- the “show” button expands the details on screen
- the “download” button allows customers to download the data of the corresponding module.
The “account data” module displays the basic account data of the customer, such as name, email, address, the date the account was created, number of logons etc. It also displays any actions recorded by the “action recorder” modules that are included in osCommerce by default.
Customers can delete their account by pressing the “delete” button. In order to prevent accidental deletion, customers have to confirm the action, since it can’t be undone.
The “address book” module displays the main address and any additional addresses the customer may have stored. Each address can be edited, and each address apart from the main address can be deleted on this page.
The “subscriptions” module displays the subscription status for newsletters and global product notifications, and lists the products your customer has subscribed to in order to receive individual product notifications and updates.
The customer can easily subscribe / unsubscribe to newsletters and global product notifications and easily remove any individual product notifications.
It is worth mentioning that all actions are performed via Ajax calls, i.e. without page reloads, which improves the customer experience, especially on mobile devices.
The “cookies” module displays all cookies that the website stores on the customer's device. In admin, you can mark the cookies that are essential for store operation, such as “osCsid”, the session ID cookie. You can also add an optional description to each cookie to make clear what it is used for.
Your customers can delete any cookie by pressing the delete button.
The “product reviews” module displays all reviews the customer has submitted, regardless of their status (you can turn the status of reviews on or off in admin, making them visible to the public or not).
Your customer can either delete a review or “anonymize” it. The “anonymize” function replaces characters of the customer's name with asterisks (*).
The “orders” module displays all of the customer's orders. Orders do not really belong to the personal data protected by GDPR, but I believe it is a good idea to have that information on this page. It is up to you whether to install the module in admin or not.
The module displays a list of all orders. The customer can see the details of each order by pressing the “show details” button. Order details are shown without any page reload.
The details page displays shipping and payment details, a list of the ordered products and the complete order history.
Orders can’t be deleted by the customer; the store has to keep order records for fiscal reasons.
The “shopping cart” module displays the contents of the customer's cart. While this also doesn’t belong to the data protected by GDPR, it is good to have the option to display it on this page; you can decide yourself whether you want to show the module or not.
The customer can remove items from the shopping cart; the action is performed without any page reload.
GDPR compliance is required for all websites and online stores, regardless of whether you are located in the European Union or not. The moment your online store is accessible to European Union citizens and you have customers that are European Union residents, you have to adapt; fines can be very high from what I’m reading.
If you don’t already have another solution and would like these modules for your store, please get in touch.
You can also check out part 2 about collecting customers' consent.
Hi,
where can we find the set of modules for gdpr compliance ?
Thanks
Regards
Hello
Thank you for your comment
The GDPR modules are available upon request, I’ve sent you an email with details
Regards
Hello, can I get the GDPR modules?
Will be grateful to have them.
Nice day
Hello Irena
The osCommerce version you are using is too old unfortunately and the set of GDPR modules would not work on it
George
Multimixer,
Can you send me the GDPR module. I never installed any modules on osCommerce so I would need full instructions.
Thank you,
Anthony.
Hello Anthony
The modules are available at a cost
I’ll send you details by email
George