

The EU General Data Protection Regulation (GDPR) and Sellerdeck/Actinic Desktop

The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years – it is important to make sure you’re prepared.

https://www.eugdpr.org/

Preparing for the General Data Protection Regulation (GDPR): 12 steps to take now V2.0 2017052

1. Awareness
You should make sure that decision makers and key people in your organisation are aware that the law is changing to the GDPR. They need to appreciate the impact this is likely to have.

2. Information you hold
You should document what personal data you hold, where it came from and who you share it with. You may need to organise an information audit.

3. Communicating privacy information
You should review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation.

4. Individuals’ rights
You should check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.

5. Subject access requests
You should update your procedures and plan how you will handle requests within the new timescales and provide any additional information.

6. Lawful basis for processing personal data
You should identify the lawful basis for your processing activity in the GDPR, document it and update your privacy notice to explain it.

7. Consent
You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.

8. Children
You should start thinking now about whether you need to put systems in place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity.

9. Data breaches
You should make sure you have the right procedures in place to detect, report and investigate a personal data breach.

10. Data Protection by Design and Data Protection Impact Assessments
You should familiarise yourself now with the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, and work out how and when to implement them in your organisation.

11. Data Protection Officers
You should designate someone to take responsibility for data protection compliance and assess where this role will sit within your organisation’s structure and governance arrangements. You should consider whether you are required to formally designate a Data Protection Officer.

12. International
If your organisation operates in more than one EU member state (ie you carry out cross-border processing), you should determine your lead data protection supervisory authority. Article 29 Working Party guidelines will help you do this.

Preparing for the General Data Protection Regulation (GDPR): 12 steps to take now V2.0 2017052: https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf

There is more resource material here:

https://www.itgovernance.co.uk/data-protection-dpa-and-eu-data-protection-regulation

https://www.itgovernance.co.uk/resou…th-the-eu-gdpr

https://ico.org.uk/media/1624219/pre…r-12-steps.pdf

https://ico.org.uk/for-organisations…y-and-control/

https://ico.org.uk/for-organisations…e=pdf&patch=38

https://www.heartinternet.uk/blog/a-guide-to-gdpr-and-what-to-do-to-prepare/

(Without prejudice) It seems that there needs to be no inherent change in Sellerdeck Software as regards the operation of the site. The privacy policy will however need revision. You will also need to have systems in place for the supply of data to the customer in an easily machine readable form and show you have the ability to delete it. You must also ensure you keep the data securely. Here is some stuff on privacy policy:

https://www.econsultancy.com/blog/69…-with-examples

GDPR Privacy Policy
Nice downloadable one available here: http://vinciworks.com/blog/gdpr-ready-data-protection-policy-template/

Encryption
Windows has built-in encryption (pro versions) called BitLocker Drive Encryption.
If you don’t want to encrypt your main drive you can use a second or external drive for Sellerdeck data and encrypt that.
You can make external drives behave like internal drives here: https://garvis.ca/2013/02/21/converting-an-sd-card-to-permanent-storage-in-windows-devices/

Changes to the site
You may also need to have popups by the email fields of the checkout, for example, stating what the data is used for. You may also need to obtain express rather than implied consent to the collection of data prior to collecting it, so it may be that some form of consent will need to precede the checkout process. Again, this is my guesswork and I take no responsibility! Please do read it up yourselves…
[Image: GDPR popups. Image from: https://www.econsultancy.com/blog/69…-with-examples]

Having read the above links and please do take what I say here without warranty express or implied, but…
GDPR is relatively straightforward and you can modify Sellerdeck/Actinic Desktop versions relatively simply to comply.

You need to:
1. Ask before you collect data.
2. Explain why you need the data.
3. Look after the data.
4. Don’t share the data.
5. Delete the data when asked.
(If you want/need to share the data especially if you want to share it outside the EU you need to study the documents in depth and make appropriate decisions.)

Create a Privacy Policy along the lines of the link above (http://vinciworks.com/blog/gdpr-ready-data-protection-policy-template/) and paste it into Sellerdeck in the Privacy Policy tab of Business Settings, Terms and Conditions. Or you can replace this by pasting into the Layout Code Privacy Policy Text.

In Page type Checkout Page 0 open the Layout ‘Both Addresses address Fields RWD’
Comment out lines 112 and 113 (Moving in One Month RWD and Keep Details Private RWD).

Copy the two layout expressions and paste them above ‘Both Address Salutation RWD’ line 89ish.

Open Responsive CSS, look for invoicePrivacy line 1230 and add a reference to inoviceMoving so it looks like this:

Code:
.content-area form .checkout label.rememberMeText, .content-area form .checkout label.invoicePrivacy, .content-area form .checkout label.inoviceMoving {width:85%; float:left;}

Design Text GoTo Phase 0 ID 15

Tick Show and Required of Invoice Privacy Check Status, and change Current Value to:

Code:
We do not share your data with anyone else, but we may email you from time to time with relevant information about our products and services. Please tick this box if you consent to this. <a href="info.html"><em>Privacy</em></a>

Design Text GoTo Phase 0 ID 13

Tick Show and Required of Invoice Moving Check Status, and change Current Value to:

Code:
To process and deliver your order we need to collect your name, address, email address and telephone number. Please tick here to consent to us doing this. If the box is unticked we will not be able to process your order. <a href="info.html"><em>Privacy</em></a>

You are now getting consent to collect data and to use the emails for newsletters etc. If you want to do more with the data, best check the regulations yourself. We should ask if our payment processors and Mailchimp are GDPR compliant, as it is our responsibility if they collect/use data on our behalf.

Now we need to explain why we need the data.

At the bottom of the Responsive Outer Layout (or whatever is your outer layout) and before the </body> tag paste:

Code:

<script type="text/javascript" src="https://ajax.aspnetcdn.com/ajax/jquery.ui/1.10.0/jquery-ui.js"></script>
<script>
$(function () {
    // Render each element's title attribute as an HTML tooltip
    $(document).tooltip({
        content: function () {
            return $(this).prop('title');
        },
        show: null,
        close: function (event, ui) {
            // Keep the tooltip open while it is hovered so the Privacy link can be clicked
            ui.tooltip.hover(
                function () {
                    $(this).stop(true).fadeTo(600, 1);
                },
                function () {
                    // Numeric duration: the string "600" is not a named speed
                    $(this).fadeOut(600, function () {
                        $(this).remove();
                    });
                }
            );
        }
    });
});
</script>

Note: If you use Fancybox this script will stop the title appearing under the fancybox large image in preference to displaying a tooltip. It is better here to use a blockif "<actinic:variable name="PageType" /> == 'Checkout Page 0'" round the JS code.

At the bottom of Javascript Header Functions paste this:

Code:

<link href="https://ajax.aspnetcdn.com/ajax/jquery.ui/1.10.0/themes/black-tie/jquery-ui.css" rel="stylesheet" type="text/css" />

At the bottom of Current Stylesheet paste:

Code:

.red {
    color: red;
}

You then need four bits of code to add popups to the respective checkout inputs:

Code:

title="<span class='red'>To process and deliver your order we need to collect your name. <a href='info.html'><em>Privacy</em></a></span>"
title="<span class='red'>To process and deliver your order we need to collect your address. <a href='info.html'><em>Privacy</em></a></span>"
title="<span class='red'>We need to collect your email address to communicate with you about your order. <a href='info.html'><em>Privacy</em></a></span>"
title="<span class='red'>We need to collect your telephone number to communicate with you about your order. <a href='info.html'><em>Privacy</em></a></span>"

This is where these bits go:

Both Addresses Name RWD – the first input box change to read:

Code:

<label><actinic:block if="%3cactinic%3avariable%20name%3d%22InvoiceFirstNameRequired%22%20%2f%3e" ><span id="idINVOICEFIRSTNAMElabel" class="actrequired"></actinic:block><actinic:variable name="InvoiceFirstName" /><actinic:block if="%3cactinic%3avariable%20name%3d%22InvoiceFirstNameRequired%22%20%2f%3e" >*</span></actinic:block></label>
<div class="InvoiceField">
	<input title="<span class='red'>To process and deliver your order we need to collect your name. <a href='info.html'><em>Privacy</em></a></span>" type="text" id="idINVOICEFIRSTNAME" name="INVOICEFIRSTNAME" size="30" maxlength="40" value="<actinic:variable name="InvoiceFirstNameOnline" selectable="false" />" tabindex="NETQUOTEVAR:TABINDEXINVOICEFIRSTNAME">
</div>

Both Addresses Line 1 RWD – the first input box change to read:

Code:

<label><actinic:block if="%3cactinic%3avariable%20name%3d%22InvoicePrompt004Required%22%20%2f%3e" /><span class="actrequired"></actinic:block><Actinic:Variable Name="InvoicePrompt004"/><actinic:block if="%3cactinic%3avariable%20name%3d%22InvoicePrompt004Required%22%20%2f%3e" />*</span></actinic:block></label>
<div class="InvoiceField">
	<input title="<span class='red'>To process and deliver your order we need to collect your address. <a href='info.html'><em>Privacy</em></a></span>" type="text" name="INVOICEADDRESS1" size="30" maxlength="200" value="<actinic:variable name="InvoiceAddress1" selectable="false" />" tabindex="NETQUOTEVAR:TABINDEXINVOICEADDRESS1" />
</div>

Both Addresses Phone RWD – the first input box change to read:

Code:

<label><actinic:block if="%3cactinic%3avariable%20name%3d%22InvoicePrompt010Required%22%20%2f%3e" /><span class="actrequired"></actinic:block><Actinic:Variable Name="InvoicePrompt010"/><actinic:block if="%3cactinic%3avariable%20name%3d%22InvoicePrompt010Required%22%20%2f%3e" />*</span></actinic:block></label>
<div class="InvoiceField" >
	<input title="<span class='red'>We need to collect your telephone number to communicate with you about your order. <a href='info.html'><em>Privacy</em></a></span>" type="tel" name="INVOICEPHONE" size="20" maxlength="25" value="<actinic:variable name="InvoicePhone" selectable="false" />" tabindex="NETQUOTEVAR:TABINDEXINVOICEPHONE" />
</div>

Both Addresses Email RWD – the first input box change to read:

Code:

<label><span id="idINVOICEEMAILlabel" <actinic:block if="%3cactinic%3avariable%20name%3d%22InvoicePrompt012Required%22%20%2f%3e" /> class="actrequired"</actinic:block> ><Actinic:Variable Name="InvoicePrompt012"/> <actinic:block if="%3cactinic%3avariable%20name%3d%22InvoicePrompt012Required%22%20%2f%3e" />*</actinic:block></span></label>
<div class="InvoiceField" >
	<input title="<span class='red'>We need to collect your email address to communicate with you about your order. <a href='info.html'><em>Privacy</em></a></span>" type="email" id="idINVOICEEMAIL" name="INVOICEEMAIL" size="30" maxlength="255" value="<actinic:variable name="InvoiceEmail" selectable="false" />" tabindex="NETQUOTEVAR:TABINDEXINVOICEEMAIL" />
</div>

These give popup boxes explaining why you need the data. Try it at http://www.webeg.co.uk/gdpr/
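
A scoped alternative to the document-wide tooltip script above, as an added example that is not part of the original post or Sellerdeck's own code. It attaches tooltips only to the four checkout inputs (through the jQuery UI tooltip items option) and builds the markup from a fixed message map, so title attributes elsewhere on the site, such as Fancybox captions, are left alone and are never parsed as HTML. The input names and wording are those shown above; the constant and function names are assumptions made for this example.

```javascript
// Added example, not Sellerdeck code. Names below are assumptions for this example.
const PRIVACY_URL = 'info.html'; // privacy page linked from the snippets above

// Input name -> notice text (field names and wording as used in the layouts above).
const FIELD_NOTICES = {
  INVOICEFIRSTNAME: 'To process and deliver your order we need to collect your name.',
  INVOICEADDRESS1: 'To process and deliver your order we need to collect your address.',
  INVOICEEMAIL: 'We need to collect your email address to communicate with you about your order.',
  INVOICEPHONE: 'We need to collect your telephone number to communicate with you about your order.'
};

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape text so the browser can only ever treat it as text, not markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, function (ch) { return HTML_ESCAPES[ch]; });
}

// Tooltip markup for one input name; null (no tooltip) for any other field.
function noticeHtml(fieldName) {
  if (!Object.prototype.hasOwnProperty.call(FIELD_NOTICES, fieldName)) return null;
  return "<span class='red'>" + escapeHtml(FIELD_NOTICES[fieldName]) +
    " <a href='" + escapeHtml(PRIVACY_URL) + "'><em>Privacy</em></a></span>";
}

// Selector that matches only the four checkout inputs.
function noticeSelector() {
  return Object.keys(FIELD_NOTICES)
    .map(function (name) { return "input[name='" + name + "']"; })
    .join(', ');
}

// Browser wiring; skipped when jQuery UI is not loaded (e.g. under Node).
if (typeof window !== 'undefined' && window.jQuery && window.jQuery.fn.tooltip) {
  window.jQuery(function ($) {
    $(document).tooltip({
      items: noticeSelector(), // replaces the default title-based match
      content: function () { return noticeHtml($(this).attr('name')); },
      show: null,
      close: function (event, ui) {
        // Keep the tooltip while hovered so the Privacy link can be clicked.
        ui.tooltip.hover(
          function () { $(this).stop(true).fadeTo(600, 1); },
          function () { $(this).fadeOut(600, function () { $(this).remove(); }); }
        );
      }
    });
  });
}
```

With this variant the title attributes on the four inputs are not needed, and the script can still sit inside the Checkout Page 0 blockif mentioned in the note above.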

When you download the order and open the order in ‘Orders’ the boxes are ticked. The wording ideally needs changing and I think you might need Crystal Reports to do this, however you will know regardless of the caption that if the two boxes are ticked that consent is given.

If you want them to appear in the customer email, check out the AUG (Advanced User Guide) page 127: http://portal.sellerdeck.co.uk/index.php/support/category/advanced-user-guides/sellerdeck-desktop-2016-advanced-user-guide1

All without prejudice, and without any warranty express or implied. Please satisfy yourself with the requirements laid out in the documents referred to in above posts.

Right to be forgotten
A big area for investment (of time and possibly money) is understanding what data you have and where it is. The GDPR gives an EU resident the right to see, have amended or delete all personal data held. This includes backups and archives, and the whole process from request to completion has to be audited/proved, and completed within 30 days. (Failure to do so is classed as a major breach and will incur the fine of up to €20 million.) This means we have to take care of site snapshots. Help, troubleshooting, support backup gives the option to remove data, but if the snapshot is for a company to back up in case of hardware failure/fire/theft the data must be on it, possibly just keeping the past three snapshots on an encrypted drive. You should also satisfy yourself that any cloud-based storage solution where you keep snapshots is GDPR compliant.

If you would like me to implement these changes on your instance of Sellerdeck please call 07836 551000 or email info@graphicz.co.uk and I will discuss it with you.
