GDPR

Posted: Thu May 24, 2018 4:04 am
by AbleMods
So you've probably gotten just as many GDPR emails as I have this week.

Is there any official response/reaction from AbleCommerce regarding GDPR? Does it even apply to a US-based business that only ships to domestic US addresses??

Re: GDPR

Posted: Thu May 24, 2018 4:20 am
by AbleMods
Found this on the Forbes Magazine website:
The organization would have to target a data subject in an EU country. Generic marketing doesn’t count. For example, a Dutch user who Googles and finds an English-language webpage written for U.S. consumers or B2B customers would not be covered under the GDPR. However, if the marketing is in the language of that country and there are references to EU users and customers, then the webpage would be considered targeted marketing and the GDPR will apply.

Accepting currency of that country and having a domain suffix -- say a U.S. website that can be reached with a .nl from the Netherlands -- would certainly seal the case.

Re: GDPR

Posted: Thu May 24, 2018 12:15 pm
by Shopping Cart Admin
Hi Joe,

There is so much written about this already, we don't have a lot to add. Keep people's data private, if you have a breach notify them, and if they want their data deleted... delete it. The vast majority of our customers are based in the US, so this just doesn't apply. But it's certainly best to value your customers' privacy and have a written policy in place that states your intentions with their information.

Of the information we've been inundated with, I think Microsoft's portal is complete and easy to understand.

https://www.microsoft.com/en-us/TrustCe ... fault.aspx

Re: GDPR

Posted: Fri May 25, 2018 2:34 am
by Katie
This was sent from our PCI certification service

What you need to know about GDPR

Prioritize: GDPR comes into effect on May 25th, 2018

Details: Under GDPR, companies need to ask customers for their data in a clear and accessible way. Those customers will have the right to demand organisations delete their data when asked. They will be able to ask for information on how and why their data is being processed. They will also be able to request copies of their data in a machine-readable format so they can take it elsewhere.

Applicability: Any organisation that is handling Europeans' data is affected, regardless of where it is in the world. Even if a company has no offices in Europe, and its employees have never set foot on the continent — if they've got EU data, they've got to play by EU rules now.

Penalties: A company in breach of GDPR can be fined up to 4% of their annual global turnover (i.e. not just revenues generated in Europe) or €20 million, whichever is higher.

Re: GDPR

Posted: Fri May 25, 2018 3:17 am
by compunerdy
So.. assuming all we do is collect the name, address, and phone so we can ship them packages.. what do we need to change, if anything? I think it's pretty clear why we ask for the info.

Re: GDPR

Posted: Fri May 25, 2018 6:59 am
by dc8johnson
You need to update your privacy policy to say what you collect, why and what you do with it. That's why you've been getting all these emails - companies are updating their privacy policies to tell you that.

The theory is that because you have a contract with the user (they want to buy something), you have a legitimate interest in having their data and you don't need their consent. But again, it's not enough if it should be obvious; you need to explicitly tell them that.

Just pick a couple of those emails you've gotten and take a look at their updated privacy policies. Pay particular attention to the ecommerce sites. Take a look at Amazon's.

NOTE: THIS IS NOT LEGAL ADVICE!!