Hi, I received your newsletter today with information regarding GDPR compliance, thank you. I've just started looking into this and I believe I will need to add a script to my site to ask customers to accept cookies and this acceptance needs to be stored. I have found some third party sites offering this service for a monthly fee, but I was wondering if you have any plans to add this functionality to the cart. If not can you recommend a good solution?

Richard

Hi Richard

Can you let me know where you read about having to store cookie acceptance, it's not something I came across in my research?

Andy

Please feel free to review / rate our software

Hi Andy, To be honest I haven't studied this properly yet so I may be wrong about the need to store this information. ..There seems to be a lot of confusing and conflicting information out there, most of which probably isn't relevant to me. The document '12 Steps to take now' does state 'Consent has to be verifiable...' and I read on some of the third party websites offering cookie consent management services that user consent is stored. I'll have to look into it a bit more..

Richard.

It is very confusing and conflicting - we just put guidelines in the newsletter to get people thinking about it. A lot of the information out there is aimed at enterprise level companies, and I think that's who the directive is aimed at principally but I think everyone should look at their privacy policy and prepare for what would happen if somebody were to ask for the data held or for the data to be deleted. I think any more than that would require getting professional advice.

Andy

Please feel free to review / rate our software

Thanks Andy, GDPR compliance is starting to appear a lot more straight-forward that it first appeared. I think you are right about a lot of the information applying to enterprise level companies ..and I feel that a lot of websites trying to sell compliance services are quite unhelpful and misleading. I have now found a free cookie consent script which seems to work quite well so now I think I just need to update my privacy policy.

Richard.

Hi,

Can you please advise what cookies are generated by ECT and what information is stored in them?

Also, I have started receiving emails from other online companies asking me to re-subscribe to their mailing lists so they have a record of me opting in. Do you think this is strictly necessary for GDPR compliance? And is there any way to generate and store opt in records?

Richard.

I haven't received any mails asking me to opt-in again and I would be surprised if it is actually a requirement - maybe those companies have their own particular reasons for doing so, maybe they are setting up new systems. I know I've received mails from companies I bought from and am pretty sure I never signed up to a mailing list so maybe that's the scenario they are covering. With any doubts about requirements I think it's better to get professional advice.

The cart contents are stored in a cookie as are the billing / shipping details if using the Remember Me function on checkout / customer login.

Andy

Please feel free to review / rate our software

I just received a newsletter I never signed up to. I saw this in the footer, "You are receiving this email because I found your contact details on Google." - these type of companies will need to review their policies

Andy

Please feel free to review / rate our software

Hi Richard,
I've received similar emails:

quote:

---

You probably know about the new General Data Protection Regulation
(GDPR) that comes into effect May 25, 2018.

In order to comply with GDPR consent requirements, we need to confirm that you are Happy to continue to receive emails and Newsletters from us.

The security of your personal details is extremely important to us and we treat all information with the utmost care.

You receive our NewsLetters because you have registered with our system to enable orders to be securely processed, and this also enables us to keep you informed of any updates to our Stock and also keep you updated ref any Special Offers that we run from time to time.

---

So I'm guessing for those who don't reply it appears you're legally obliged to remove them from your mailing list?



* Database Migrations and Conversions*
* ASP to PHP Cart Conversions*
*Contact Us*
*Buy The PHP Capture Card Plugin*
*Rate Our Services/View Our Feedback*

The new rules seem to be open to interpretation and it appears that some companies are playing it safer than others. I imagine most mailing lists would shrink dramatically if people had to re-subscribe.

Richard.

Hi,

I just received an email from my web hosting company explaining GDPR compliance requirements and offering their services (for a fee) to ensure that our website is compliant. Regarding mailing lists they state the following...

-------------------
Mailing list compliance

If you keep mailing lists and send out mailshots, then under the new regulations, you need to be able to show actual proof of how a person was added to your mailing list and when it happened.

If you are unable to do this, then you have to contact everyone on the list that this applies to and request explicit permission for them to remain on the mailing list. Without permission, then you must not contact them after GDPR comes into effect.

Source: http://www.vtsdesign.co.uk/gdpr-overview
-------------------

This seems pretty clear. If correct I'm not sure how we can comply with this.

Richard.

The mailing list records the date of sign up and ip so hopefully that will suffice.

Andy

Please feel free to review / rate our software

That's good, thanks Andy.

To be honest, I can't really see what other proof could be provided.

Andy

Please feel free to review / rate our software

There is a simple checklist available here https://gdprchecklist.io/ - as it says it's a basic checklist and not a legal document but it covers many of the main points it seems.

Andy

Please feel free to review / rate our software

Hi

Regarding having a record of when people signed up to the mailing lit, it would need to show they actively signed up (that it was not an opt out method). I had the later operating so now need to get rid of all these customer's details (or email them asking them to opt in).

Amanda Burke

Hi Amanda

Since GDPR came in to effect on 25th May if you had NOT already made contact with your mailing list clients prior to the 25th May then you are not to contact them asking if they still want to hear from you. There are very few exceptions to the rule. Ideally you are supposed to have made contact prior to the 25th but if you have not then you have to delete your mailing list.

Will
Bolton Manchester UK

Does all this mean I will no longer receive those "Rank Top 10 in Google" email messages ?

Gary