

Hello,

It is my first post.

Can anyone tell me what do I need to implement in my Prestashop store to be compliant with GDPR regulations?

So far I've removed date of birth form from Authentication, installed EU cookie module and Data Privacy module. 

Do I have to do anything else?

Can someone from Romania tell me what they did to be compliant?


Hello,

I'm also interested in making sure that my shops cover the GDPR requirements to a full degree. I've been searching in the modules list and only found this module, which I'm not sure completely covers everything:

 

https://addons.prestashop.com/en/legal/289[spam-filter]gdpr-suite.html

 

To add to this - one of my shops is also running on version 1.49, which is not supported by this module.

 

I think that this is a very serious topic, as the fines for not keeping the law are very big. Could you please share how you are planning to prepare for the new law?


  • 2 weeks later...

I'm very surprised too Prestashop hasn't created a post yet on GDPR. Not very professional if you ask me.

 

So does PS have plans to solve this in an update or by releasing modules? If not, I wouldn't be surprised if shop owners started switching to another solution; I actually would.

 

Cheers,


It is very strange. Almost nobody in Europe thinks about it. I mean in small companies, not large enterprises. PrestaShop and shop owners are no exception.

As with other 'zone specific' solutions, like the European VAT number module, I expect it won't be a part of the core, but rather a module.

I expect some solutions to appear on the forum.


Just started to look at this. 

It may depend on the size of your business, but I don't think there is too much to do on Prestashop.

Make sure tick boxes are not ticked by default, so customers are making an active choice for newsletters, Terms & Conditions, etc.

Remove all sign-up fields that are not specifically required, e.g. date of birth, Mr/Mrs, etc. Only ask for the data you actually need to complete the order.

As far as I can tell you have to keep names and addresses, as they form part of your tax obligations - classed as legitimate use.

I think it is more about how you process things in your own office and shipping departments.

From what I have read, if you make an effort and show willing you should be OK. So create some CMS pages all about customer rights in the GDPR system. Perhaps even make it the terms and conditions and make it so the customer has to click to say they have read it. So even if the GDPR police look at you, they would probably just advise improvements rather than fine, because you have tried your best.

But I do think the linked module above will help.

Basically, don't expect PrestaShop to give you a one-stop solution. This is more about how you operate, not the store software itself.

 


10 minutes ago, haylau said:

Basically, don't expect PrestaShop to give you a one-stop solution. This is more about how you operate, not the store software itself.

 

 

Exactly, there is no common solution for all businesses, all cases, all shop settings. Everybody will have to deal with it a little differently.


  • 1 month later...
  • 4 weeks later...

Something nobody is talking about is the data retention policy, i.e. how long to keep the different types of data.

For the main data categories, we are supposed to explain in the privacy policy the legal basis for processing and also how long the data will be kept (i.e. the retention period). GDPR doesn't include rules for retention periods; it only says that you should keep the data for the amount of time necessary for the purpose of processing and no longer. So we have to decide what is a necessary length of time for each type of data collected.

The main data categories are (I think):

1) usage data (e.g. Google Analytics) - my retention period is 50 months because that is the setting I applied in the Google Analytics admin

2) account data (customer's personal details) - I think about 7 years for this, any other thoughts???

3) publication data (reviews, public comments, etc.) - I guess we can retain this data for as long as it is useful for the purpose, any other thoughts?

4) enquiry data (messages from the contact form) - I think about 4 years for this, maybe less?

5) transaction data (payment details, usually handled by 3rd parties, e.g. PayPal, SagePay, etc.) - this is determined by the practices of PayPal, SagePay, etc.

6) notification data (newsletters, alerts) - how long for this data???

7) correspondence data (emails from customers) - I have no idea for this data. I don't like to delete emails in case I need to refer to them years later. Perhaps 7 years?

 

I hope some people reply and give their thoughts, I really want to know what people think!

 

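Once you have decided on a retention period per data category, the policy still has to be enforced on a schedule. The following is an added example (it is not code from this thread, from PrestaShop or from any of its modules) of a small Python retention planner: it computes the cutoff date per category and decides, record by record, whether to keep, anonymise or delete. The retention periods, the 7-year "legal hold" window and the `Record` layout are all assumptions made for this example; the anonymise rule follows the point made earlier in the thread that names and addresses tied to orders form part of your tax obligations and so cannot simply be deleted when the account itself has gone stale.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

# Retention periods per data category, in days. ASSUMED values chosen for
# this example; the real figures must come from your documented privacy policy.
RETENTION_DAYS = {
    "usage": 50 * 30,           # analytics data (about 50 months)
    "account": 3 * 365,         # inactive customer accounts
    "enquiry": 4 * 365,         # contact-form messages
    "notification": 2 * 365,    # newsletter / alert subscriptions
    "correspondence": 7 * 365,  # customer e-mails
}

# ASSUMED window during which order-related identity data must be kept for
# tax purposes. Expired account data inside this window is anonymised instead
# of deleted, so the order history survives without the personal identifiers.
LEGAL_HOLD_DAYS = 7 * 365


@dataclass
class Record:
    record_id: str
    category: str
    last_activity: date                 # last login / update / use of the data
    last_order: Optional[date] = None   # account data only: most recent order


def retention_action(rec: Record, today: date) -> str:
    """Return 'keep', 'anonymise' or 'delete' for a single record."""
    if rec.category not in RETENTION_DAYS:
        # Refuse to guess: every category processed must have a documented period.
        raise ValueError(f"no retention period defined for {rec.category!r}")
    cutoff = today - timedelta(days=RETENTION_DAYS[rec.category])
    if rec.last_activity > cutoff:
        return "keep"
    # Retention period has expired. Account data whose last order is still
    # inside the legal-hold window is anonymised rather than deleted.
    if rec.category == "account" and rec.last_order is not None:
        hold_cutoff = today - timedelta(days=LEGAL_HOLD_DAYS)
        if rec.last_order > hold_cutoff:
            return "anonymise"
    return "delete"


def plan_retention(records: List[Record], today: date) -> Dict[str, List[str]]:
    """Group record ids by the action the policy requires for them."""
    plan: Dict[str, List[str]] = {"keep": [], "anonymise": [], "delete": []}
    for rec in records:
        plan[retention_action(rec, today)].append(rec.record_id)
    return plan


# Constructed sample data for the demo; not real customer records.
SAMPLE_TODAY = date(2018, 5, 25)
SAMPLE_RECORDS = [
    Record("ga-1", "usage", date(2018, 1, 10)),
    Record("ga-2", "usage", date(2013, 1, 10)),
    Record("cust-1", "account", date(2017, 11, 1), last_order=date(2017, 11, 1)),
    Record("cust-2", "account", date(2010, 3, 3), last_order=date(2010, 3, 3)),
    Record("cust-3", "account", date(2014, 3, 3), last_order=date(2014, 3, 3)),
    Record("msg-1", "enquiry", date(2012, 6, 1)),
]

if __name__ == "__main__":
    for action, ids in plan_retention(SAMPLE_RECORDS, SAMPLE_TODAY).items():
        print(f"{action}: {ids}")
```

In practice the planner's output is what a nightly job acts on (and what you log as evidence that the policy is being applied); the actual delete or anonymise step is deliberately left out here because it depends on your own database layout.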
