GDPR

For general questions and discussions specific to the AbleCommerce GOLD ASP.Net shopping cart software.
AbleMods
Master Yoda
Posts: 5170
Joined: Wed Sep 26, 2007 5:47 am
Location: Fort Myers, Florida USA

GDPR

Post by AbleMods » Thu May 24, 2018 4:04 am

So you've probably gotten just as many GDPR emails as I have this week.

Is there any official response/reaction from AbleCommerce regarding GDPR? Does it even apply to a US-based business that only ships to domestic US addresses??
Joe Payne
AbleCommerce Custom Programming and Modules http://www.AbleMods.com/
AbleCommerce Hosting http://www.AbleModsHosting.com/
Precise Fishing and Hunting Time Tables http://www.Solunar.com


Re: GDPR

Post by AbleMods » Thu May 24, 2018 4:20 am

Found this on the Forbes Magazine website:
The organization would have to target a data subject in an EU country. Generic marketing doesn’t count. For example, a Dutch user who Googles and finds an English-language webpage written for U.S. consumers or B2B customers would not be covered under the GDPR. However, if the marketing is in the language of that country and there are references to EU users and customers, then the webpage would be considered targeted marketing and the GDPR will apply.

Accepting currency of that country and having a domain suffix -- say a U.S. website that can be reached with a .nl from the Netherlands -- would certainly seal the case.
Joe Payne

Shopping Cart Admin
AbleCommerce Admin
Posts: 3055
Joined: Mon Dec 01, 2003 8:41 pm
Location: Vancouver, WA

Re: GDPR

Post by Shopping Cart Admin » Thu May 24, 2018 12:15 pm

Hi Joe,

There is so much written about this already, we don't have a lot to add. Keep people's data private, if you have a breach notify them and if they want their data deleted... delete it. The vast majority of our customers are based in the US, so this just doesn't apply. But it's certainly best to value your customers' privacy and have a written policy in place that states your intentions with their information.

Of the information we've been inundated with, I think Microsoft's portal is complete and easy to understand.

https://www.microsoft.com/en-us/TrustCe ... fault.aspx
Thanks for your support

Shopping Cart Guru
AbleCommerce.com

Katie
AbleCommerce Admin
Posts: 2651
Joined: Tue Dec 02, 2003 1:54 am

Re: GDPR

Post by Katie » Fri May 25, 2018 2:34 am

This was sent from our PCI certification service

What you need to know about GDPR

Prioritize: GDPR comes into effect on May 25th, 2018

Details: Under GDPR, companies need to ask customers for their data in a clear and accessible way. Those customers will have the right to demand organisations delete their data when asked. They will be able to ask for information on how and why their data is being processed. They will also be able to request copies of their data in a machine-readable format so they can take it elsewhere.

Applicability: Any organisation that is handling Europeans' data is affected, regardless of where it is in the world. Even if a company has no offices in Europe, and its employees have never set foot on the continent — if they've got EU data, they've got to play by EU rules now.

Penalties: A company in breach of GDPR can be fined up to 4% of their annual global turnover (i.e. not just revenues generated in Europe) or €20 million, whichever is higher.
Thank you for choosing AbleCommerce!

http://help.ablecommerce.com - product support
http://wiki.ablecommerce.com - developer support

compunerdy
Admiral (ADM)
Posts: 1283
Joined: Sun Nov 18, 2007 3:55 pm

Re: GDPR

Post by compunerdy » Fri May 25, 2018 3:17 am

So.. assuming all we do is collect the name, address, and phone so we can ship them packages.. what do we need to change if anything? I think it's pretty clear why we ask for the info.

dc8johnson
Lieutenant Commander (LCDR)
Posts: 87
Joined: Fri Nov 20, 2009 8:46 am

Re: GDPR

Post by dc8johnson » Fri May 25, 2018 6:59 am

You need to update your privacy policy to say what you collect, why and what you do with it. That's why you've been getting all these emails - companies are updating their privacy policies to tell you that.

The theory is that because you have a contract with the user (they want to buy something), you have a legitimate interest in having their data and you don't need their consent. But again, it's not enough if it should be obvious, you need to explicitly tell them that.

Just pick a couple of those emails you've gotten and take a look at their updated privacy policies. Pay particular attention to the ecommerce sites. Take a look at Amazon's.

NOTE: THIS IS NOT LEGAL ADVICE!!
David Johnson
