GDPR for osCommerce – part 2 – Customer consent
multimixer | work | Monday July 9 2018
The General Data Protection Regulation (GDPR) – Datenschutz-Grundverordnung (DSGVO) in German – is a regulation in EU law on data protection and privacy for all individuals within the European Union (read more here and here).
In the first part of my GDPR post I introduced a set of modules related to the customer's “Right of access” and “Right to erasure”. In this post I’m going to introduce a module that will allow you to collect customers' consent for collecting and processing their data. Customer consent is required by the GDPR regulations in order to process personal data.
In what cases do you collect customer data on your online store? Two obvious cases are:
- your visitors create an account
- your customers place an order
There are more cases of course where you could think/say that a customer/visitor is submitting personal data to the store, like sending a message through the contact form, writing a review, signing up to a newsletter etc.
Having that in mind, I created a flexible module that places a special “accept terms” section to forms where visitors submit their data. You can enable/disable the module for various forms and pages in admin.
The module displays a checkbox that people have to check in order to accept your terms, and it disables the “submit” button until the checkbox is checked.
On the right side of the checkbox is a link to your terms and conditions. Clicking on it opens a pop up window that displays your terms.
The content of the pop up window can be either a static file (e.g. privacy.php or conditions.php) or a page created in admin with the MTS page manager. You can set this in admin, as I’ll explain later on.
At the bottom of the pop up window, people can either accept the terms or close the window without accepting. Pressing on accept will close the pop up and check the checkbox.
Checking the checkbox enables the submit button and people can proceed.
The module is self-contained: there are no files to edit and all settings can be made in admin.
You can set on what pages you want to enable the module.
Of course, it only makes sense for pages where people submit something, so some of the store files are excluded from the list (e.g. product_info.php).
You can have the pop up load automatically upon page load; for this, simply turn auto pop up “on”. People will get the terms pop up the moment they visit a page that has the module enabled. This is a good idea if you want to force people to read your terms.
Next, you can select what the content of the pop up should be. As said, you can either use one of your existing static pages (like privacy.php) or an MTS page created with the MTS page manager. In admin, you can either type in the filename you want to use or simply the ID of the page you created with the MTS page manager.
It is very easy to create a new page using the MTS page manager. The feature is available only to MTS users.
Finally, you can make various design decisions in admin and adjust the look of the section to your store design.
The accept terms area displays very nicely on small screens as well.
GDPR compliance is required for all websites and online stores; it doesn’t matter if you are located in the European Union or not. The moment your online store is accessible by European Union citizens and you have customers that are European Union residents, you have to adapt.
In case you don’t already have another solution and want to have these modules for your store, please get in touch. While the module is tailored to MTS stores, there is an alternative solution available for regular stores.