{"id":137,"date":"2018-01-28T17:22:04","date_gmt":"2018-01-28T17:22:04","guid":{"rendered":"https:\/\/www.graphicz.co.uk\/blog\/?p=137"},"modified":"2018-09-03T15:28:09","modified_gmt":"2018-09-03T14:28:09","slug":"the-eu-general-data-protection-regulation-gdpr-and-sellerdeck-actinic-desktop","status":"publish","type":"post","link":"https:\/\/www.graphicz.co.uk\/blog\/the-eu-general-data-protection-regulation-gdpr-and-sellerdeck-actinic-desktop\/","title":{"rendered":"The EU General Data Protection Regulation (GDPR) and Sellerdeck or Actinic Desktop"},"content":{"rendered":"

The EU General Data Protection Regulation (GDPR)<\/strong> is the most important change in data privacy regulation in 20 years – it is important to make sure you’re prepared\u200b.<\/p>\n

https:\/\/www.eugdpr.org\/<\/a><\/p>\n

Preparing for the General Data Protection Regulation (GDPR): 12 steps to take now V2.0 2017052<\/a><\/p>\n

1. Awareness <\/strong>
You should make sure that decision makers and key people in your organisation are aware that the law is changing to the GDPR. They need to appreciate the impact this is likely to have.<\/p>\n

2. Information you hold<\/strong>
You should document what personal data you hold, where it came from and who you share it with. You may need to organise an information audit.<\/p>\n

3. Communicating privacy information<\/strong>
You should review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation.<\/p>\n

4. Individuals\u2019 rights<\/strong>
You should check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.<\/p>\n

5. Subject access requests<\/strong>
You should update your procedures and plan how you will handle requests within the new timescales and provide any additional information.<\/p>\n

6. Lawful basis for processing personal data<\/strong>
You should identify the lawful basis for your processing activity in the GDPR, document it and update your privacy notice to explain it.<\/p>\n

7. Consent<\/strong>
You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don\u2019t meet the GDPR standard.<\/p>\n

8. Children<\/strong>
You should start thinking now about whether you need to put systems in place to verify individuals\u2019 ages and to obtain parental or guardian consent for any data processing activity.<\/p>\n

9. Data breaches<\/strong>
You should make sure you have the right procedures in place to detect, report and investigate a personal data breach.<\/p>\n

10. Data Protection by Design and Data Protection Impact Assessments<\/strong>
You should familiarise yourself now with the ICO\u2019s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, and work out how and when to implement them in your organisation.<\/p>\n

11. Data Protection Officers<\/strong>
You should designate someone to take responsibility for data protection compliance and assess where this role will sit within your organisation\u2019s structure and governance arrangements. You should consider whether you are required to formally designate a Data Protection Officer.<\/p>\n

12. International<\/strong>
If your organisation operates in more than one EU member state (ie you carry out cross-border processing), you should determine your lead data protection supervisory authority. Article 29 Working Party guidelines will help you do this.<\/p>\n

Preparing for the General Data Protection Regulation (GDPR): 12 steps to take now V2.0 2017052<\/a> – https:\/\/ico.org.uk\/media\/1624219\/preparing-for-the-gdpr-12-steps.pdf<\/a><\/p>\n

There is more resource material here:<\/p>\n

https:\/\/www.itgovernance.co.uk\/data-protection-dpa-and-eu-data-protection-regulation<\/a><\/p>\n

https:\/\/www.itgovernance.co.uk\/resou…th-the-eu-gdpr<\/a><\/p>\n

https:\/\/ico.org.uk\/media\/1624219\/pre…r-12-steps.pdf<\/a><\/p>\n

https:\/\/ico.org.uk\/for-organisations…y-and-control\/<\/a><\/p>\n

https:\/\/ico.org.uk\/for-organisations…e=pdf&patch=38<\/a><\/p>\n

https:\/\/www.heartinternet.uk\/blog\/a-guide-to-gdpr-and-what-to-do-to-prepare\/<\/a><\/p>\n

(Without prejudice) It seems that there needs to be no inherent change in Sellerdeck Software as regards the operation of the site. The privacy policy will however need revision. You will also need to have systems in place for the supply of data to the customer in an easily machine readable form and show you have the ability to delete it. You must also ensure you keep the data securely. Here is some stuff on privacy policy:<\/p>\n

https:\/\/www.econsultancy.com\/blog\/69…-with-examples<\/a><\/p>\n

GDPR Privacy Policy<\/strong>
Nice downloadable one available here: http:\/\/vinciworks.com\/blog\/gdpr-ready-data-protection-policy-template\/<\/a><\/p>\n

Encryption<\/strong>
Windows has built-in encryption (pro versions) called BitLocker Drive Encryption
If you don’t want to encrypt your main drive you can use a second or external drive for Sellerdeck data and encrypt that.
You can make external drives behave like internal drives here: https:\/\/garvis.ca\/2013\/02\/21\/converting-an-sd-card-to-permanent-storage-in-windows-devices\/<\/a><\/p>\n

Changes to the site<\/strong>
You may also need to have popups by the email fields of the checkout for example stating what the data is used for, you may also need to obtain express rather than implied consent to the collection of data prior to collecting it so it may be some form of consent will need to precede the checkout process. Again, this is my guesswork and I take no responsibility! Please do read it up yourselves…
\"gdpr
Image from : https:\/\/www.econsultancy.com\/blog\/69…-with-examples<\/a><\/p>\n

Having read the above links and please do take what I say here without warranty express or implied, but…
GDPR is relatively straightforward and you can modify Sellerdeck\/Actinic Desktop versions relatively simply to comply.<\/p>\n

You need to:
1. Ask before you collect data.
2. Explain why you need the data
3. Look after the data
4. Don’t share the data
5. Delete the data when asked
(If you want\/need to share the data especially if you want to share it outside the EU you need to study the documents in depth and make appropriate decisions.)<\/p>\n

Create a Privacy Policy along the lines of the link above (http:\/\/vinciworks.com\/blog\/gdpr-ready-data-protection-policy-template\/<\/a>) and paste it into Sellerdeck in the Privacy Policy tab of Business Settings, Terms and Conditions. Or you can repace this by pasting into the Layout Code Privacy Policy Text.<\/p>\n

In Page type Checkout Page 0 open the Layout ‘Both Addresses address Fields RWD’
Comment out lines 112 and 113: (Moving in One Month RWD and Keep Details Private RWD<\/p>\n

\"GDPR<\/p>\n

Copy the two layout expressions and paste them above ‘Both Address Salutation RWD’ line 89ish.
\"GDPR<\/p>\n

Open Responsive CSS, look for invoicePrivacy line 1230 and add a reference to inoviceMoving so it looks like this:<\/p>\n

Open Responsive CSS, look for invoicePrivacy line 1230 and add a reference to inoviceMoving so it looks like this:<\/p>\n

\n
Code:<\/div>\n
.content-area form .checkout label.rememberMeText, .content-area form .checkout label.invoicePrivacy, .content-area form .checkout label.inoviceMoving {width:85%; float:left;}<\/pre>\n<\/div>\n
Design Text GoTo Phase 0 ID 15<\/p>\n
 Tick Show and Required of Invoice Privacy Check Status, and change Current Value to:<\/p>\n
\n
Code:<\/div>\n
We do not share your data with anyone else, but we may email you from time to time with relevant information about our products and services. Please tick this box if you consent to this. <a href=\"info.html\"><em>Privacy<\/em><\/a><\/pre>\n<\/div>\n
Design Text GoTo Phase 0 ID 13<\/p>\n
 Tick Show and Required of Invoice Moving Check Status, and change Current Value to:<\/p>\n
\n
Code:<\/div>\n
To process and deliver your order we need to collect your name, address, email address and telephone number. Please tick here to consent to us doing this. If the box is unticked we will not be able to process your order. <a href=\"info.html\"><em>Privacy<\/em><\/a><\/pre>\n<\/div>\n
You are now getting consent to collect data and to use the emails for newsletters etc. If you want to do more with the data best check the regulations yourself. We should ask if our payment processors and Mailchimp are GDRP as it is our responsibility if they collect\/use data on our behalf.<\/p>\n
 Now we need to explain why we need the data.<\/p>\n
 At the bottom of the Responsive Outer Layout (or whatever is your outer layout) and before the <\/body> tag paste:<\/p>\n
Code:<\/p>\n
\n
<script type=\"text\/javascript\" src=\"https:\/\/ajax.aspnetcdn.com\/ajax\/jquery.ui\/1.10.0\/jquery-ui.js\"><\/script>      <script>  $(function () {      $(document).tooltip({          content: function () {              return $(this).prop('title');          },          show: null,           close: function (event, ui) {              ui.tooltip.hover(                function () {                  $(this).stop(true).fadeTo(600, 1);              },                function () {                  $(this).fadeOut(\"600\", function () {                      $(this).remove();                  })              });          }      });  });  <\/script><\/pre>\n<\/div>\n
Note: If you use Fancybox this script will stop the title appearing under the fancybox large image in preference to displaying a tooltip. It is better here to use a blockif”<actinic:variable name=”PageType” \/> == ‘Checkout Page 0′” round the JS code.<\/p>\n
 At the bottom of Javascript Header Functions paste this:<\/p>\n
Code:<\/p>\n
\n
<link href=\"http:\/\/ajax.aspnetcdn.com\/ajax\/jquery.ui\/1.10.0\/themes\/black-tie\/jquery-ui.css\" rel=\"stylesheet\" type=\"text\/css\" \/><\/pre>\n<\/div>\n
At the bottom of Current Stylesheet paste:<\/p>\n
Code:<\/p>\n
\n
  .red {        color: red;    }<\/pre>\n<\/div>\n
You then need four bits of code to add popups to the respective checkout inputs:<\/p>\n
Code:<\/p>\n
\n
title=\"<span class='red'>To process and deliver your order we need to collect your name. <a href='info.html'><em>Privacy<\/em><\/a><\/span>\"    title=\"<span class='red'>To process and deliver your order we need to collect your address. <a href='info.html'><em>Privacy<\/em><\/a><\/span>\"    title=\"<span class='red'>We need to collect your email address to communicate with you about your order. <a href='info.html'><em>Privacy<\/em><\/a><\/span>\"    title=\"<span class='red'>We need to collect your telephone number to communicate with you about your order. <a href='info.html'><em>Privacy<\/em><\/a><\/span>\"<\/pre>\n<\/div>\n
This is where these bits go:<\/p>\n
 Both Addresses Name RWD – the first input box change to read:<\/p>\n
Code:<\/p>\n
\n
<label><actinic:block if=\"%3cactinic%3avariable%20name%3d%22InvoiceFirstNameRequired%22%20%2f%3e\" ><span id=\"idINVOICEFIRSTNAMElabel\" class=\"actrequired\"><\/actinic:block><actinic:variable name=\"InvoiceFirstName\" \/><actinic:block if=\"%3cactinic%3avariable%20name%3d%22InvoiceFirstNameRequired%22%20%2f%3e\" >*<\/span><\/actinic:block><\/label>  \t\t<div class=\"InvoiceField\">  \t\t\t<input title=\"<span class='red'>To process and deliver your order we need to collect your name. <a href='info.html'><em>Privacy<\/em><\/a><\/span>\" type=\"text\" id=\"idINVOICEFIRSTNAME\" name=\"INVOICEFIRSTNAME\" size=\"30\" maxlength=\"40\" value=\"<actinic:variable name=\"InvoiceFirstNameOnline\" selectable=\"false\" \/>\" tabindex=\"NETQUOTEVAR:TABINDEXINVOICEFIRSTNAME\">  \t\t<\/div><\/pre>\n<\/div>\n
Both Addresses Line 1 RWD – the first input box change to read:<\/p>\n
Code:<\/p>\n
\n
<label><actinic:block if=\"%3cactinic%3avariable%20name%3d%22InvoicePrompt004Required%22%20%2f%3e\" \/><span class=\"actrequired\"><\/actinic:block><Actinic:Variable Name=\"InvoicePrompt004\"\/><actinic:block if=\"%3cactinic%3avariable%20name%3d%22InvoicePrompt004Required%22%20%2f%3e\" \/>*<\/span><\/actinic:block><\/label>  <div class=\"InvoiceField\">  \t<input title=\"<span class='red'>To process and deliver your order we need to collect your address. <a href='info.html'><em>Privacy<\/em><\/a><\/span>\" type=\"text\" name=\"INVOICEADDRESS1\" size=\"30\" maxlength=\"200\" value=\"<actinic:variable name=\"InvoiceAddress1\" selectable=\"false\" \/>\" tabindex=\"NETQUOTEVAR:TABINDEXINVOICEADDRESS1\" \/>  <\/div><\/pre>\n<\/div>\n
Both Addresses Phone RWD – the first input box change to read:<\/p>\n
Code:<\/p>\n
\n
<label><actinic:block if=\"%3cactinic%3avariable%20name%3d%22InvoicePrompt010Required%22%20%2f%3e\" \/><span class=\"actrequired\"><\/actinic:block><Actinic:Variable Name=\"InvoicePrompt010\"\/><actinic:block if=\"%3cactinic%3avariable%20name%3d%22InvoicePrompt010Required%22%20%2f%3e\" \/>*<\/span><\/actinic:block><\/label>  <div class=\"InvoiceField\" >  \t<input title=\"<span class='red'>We need to collect your telephone number to communicate with you about your order. <a href='info.html'><em>Privacy<\/em><\/a><\/span>\" type=\"tel\" name=\"INVOICEPHONE\" size=\"20\" maxlength=\"25\" value=\"<actinic:variable name=\"InvoicePhone\" selectable=\"false\" \/>\" tabindex=\"NETQUOTEVAR:TABINDEXINVOICEPHONE\" \/>  <\/div><\/pre>\n<\/div>\n
Both Addresses Email RWD – the first input box change to read:<\/p>\n
Code:<\/p>\n
\n
\t<label><span id=\"idINVOICEEMAILlabel\" <actinic:block if=\"%3cactinic%3avariable%20name%3d%22InvoicePrompt012Required%22%20%2f%3e\" \/> class=\"actrequired\"<\/actinic:block> ><Actinic:Variable Name=\"InvoicePrompt012\"\/> <actinic:block if=\"%3cactinic%3avariable%20name%3d%22InvoicePrompt012Required%22%20%2f%3e\" \/>*<\/actinic:block><\/span><\/label>  \t<div class=\"InvoiceField\" >        <input title=\"<span class='red'>We need to collect your email address to communicate with you about your order. <a href='info.html'><em>Privacy<\/em><\/a><\/span>\" type=\"email\" id=\"idINVOICEEMAIL\" name=\"INVOICEEMAIL\" size=\"30\" maxlength=\"255\" value=\"<actinic:variable name=\"InvoiceEmail\" selectable=\"false\" \/>\" tabindex=\"NETQUOTEVAR:TABINDEXINVOICEEMAIL\" \/>     <\/div><\/pre>\n<\/div>\n
These give popup boxes explaining why you need the data. Try it at http:\/\/www.webeg.co.uk\/gdpr\/<\/a><\/p>\n
 When you download the order and open the order in ‘Orders’ the boxes are ticked. The wording ideally needs changing and I think you might need Crystal Reports to do this, however you will know regardless of the caption that if the two boxes are ticked that consent is given.<\/p>\n
\"GDPR<\/p>\n
 If you want them to appear in the customer email checkout the AUG page 127 http:\/\/portal.sellerdeck.co.uk\/index.php\/support\/category\/advanced-user-guides\/sellerdeck-desktop-2016-advanced-user-guide1<\/a><\/p>\n
 All without prejudice, and without any warranty express or implied. Please satisfy yourself with the requirements laid out in the documents referred to in above posts.<\/em><\/strong><\/p>\n
Right to be forgotten<\/strong>
 A big area for investment (of time and possibly money) is understanding what data you have and where it is. The GDPR gives a EU resident the right to see, have amended or delete all personal data held. This includes backups and archives, and the whole process from request to completion has to be audited\/proved, and completed within 30 days. (Failure to do so is classed as a major breach and will incur the fine of up to \u20ac20 million.) This means we have to take care of site snapshots. Help, troubleshooting, support backup gives the option to remove data but if the snapshot is for a company to backup incase of hardware failure\/fire\/theft the data must be on it, possibly just keeping the past three snapshots on an encrypted drive. You should also satisfy yourself that any cloud based storage solution where you keep snapshots is GDPR compliant.<\/p>\n
If you would like me to implement these changes on your instance of Selleredck please call 07836 551000<\/a> or email info@graphicz.co.uk<\/a> and I will discuss it with you.<\/p>\n","protected":false},"excerpt":{"rendered":"
The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years – it is important to make sure you’re prepared\u200b. https:\/\/www.eugdpr.org\/ Preparing for the General Data Protection Regulation (GDPR): 12 steps to…<\/span> <\/p>\n
Read more ›<\/b><\/div>\n
<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-137","post","type-post","status-publish","format-standard","hentry","category-graphicz-articles"],"_links":{"self":[{"href":"https:\/\/www.graphicz.co.uk\/blog\/wp-json\/wp\/v2\/posts\/137"}],"collection":[{"href":"https:\/\/www.graphicz.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.graphicz.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.graphicz.co.uk\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.graphicz.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=137"}],"version-history":[{"count":6,"href":"https:\/\/www.graphicz.co.uk\/blog\/wp-json\/wp\/v2\/posts\/137\/revisions"}],"predecessor-version":[{"id":272,"href":"https:\/\/www.graphicz.co.uk\/blog\/wp-json\/wp\/v2\/posts\/137\/revisions\/272"}],"wp:attachment":[{"href":"https:\/\/www.graphicz.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=137"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.graphicz.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=137"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.graphicz.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=137"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}