Community @ The Turning Gate

Support community for TTG plugins and products.

You are not logged in.

#1 2018-04-13 04:11:49

tomowensphoto
Member
From: Suffolk
Registered: 2012-11-21
Posts: 242
Website

GDPR

Calling all European users of Backlight.
Are any of you using GDPR compliant plugins and if so what ones?
Like many people I have pushed this to one side but it looks like developers all over the globe are preparing for the switch over. It looks like my old notice won't fit the bill and with 20,000,000 Euros or 4% of turnover as potential fines I expect little people will be picked off as easy targets.


Regards,
TomO
Just a simple photographer
Live site at http://tomowens.openpoint.co.uk/

Offline

#2 2018-04-13 06:25:16

Daniel Leu
Moderator
Registered: 2012-10-11
Posts: 931
Website

Re: GDPR

The other day I read an article where they talked about attorneys already preparing lawsuits so they can be filed on May 25th.....


Daniel Leu | Photography   
DanielLeu.com

Offline

#3 2018-04-13 07:24:51

Ben
Moderator
From: Melbourne, Australia
Registered: 2012-09-29
Posts: 3,520

Re: GDPR

I haven't read a lot about this.  From my understanding this will affect businesses in terms of business processes and site functionality.

Business processes:

* the ability to detect data breaches and inform customers within 72 hours of a data breach occurring.  This looks to be a matter of hosting sites on a platform that supports detection of data breaches and notification to the site owner, to then notify affected customers.
* appointment of data officer - not necessary for small-scale data collection or the type of data collected by photography businesses

Site functionality:

* a clear notice of data usage, not buried in terms & conditions.  Opt-in checkboxes that are not pre-checked to record customer's acceptance of the data usage. 
* the ability to permanently delete customer data upon request, both from the main database and any backups

Are there any other relevant items that I've missed?

Offline

#4 2018-04-13 14:30:15

tomowensphoto
Member
From: Suffolk
Registered: 2012-11-21
Posts: 242
Website

Re: GDPR

I was reading up last night Ben until my eyes could not take it any more. One thing that was consistent was as you state in the site functionality section.

The need for explicit statements about why the data is being collected that have check boxes on contact forms that cannot be pre-checked in any state. Actioning the check box has to a clear action by the user, regardless of whether they have actually read the conditions. The language has to be unambiguous - obviously that is down to the site owner

There also needs to be an ability for a visitor to demand to be forgotten.

So that suggests contact forms could do with the option of adding conditions to approve capturing the contact details for email contact and also to opt out aka demand to be forgotten  with  check boxes associated with gathering data and requests to destroy data.

That begs the question as to whether contact data is written to database tables and if it is then ticking a check box should run a script to purge the record. That suggests that there would be some form of ID associated with the 'ticker' so this bit is a tad deeper than I imagined or have I got that wrong?

Last edited by tomowensphoto (2018-04-13 15:42:14)


Regards,
TomO
Just a simple photographer
Live site at http://tomowens.openpoint.co.uk/

Offline

#5 2018-04-23 07:05:00

powerfulphotography
Member
From: Wembley
Registered: 2017-12-31
Posts: 51
Website

Re: GDPR

So the question is, is Backlight working on a GDPR update to the relevant checkboxes and database tables for the upcoming privacy laws.


If at first, you don't succeed try, try then go to the forum.
https://powerfulphotography.co.uk/

Offline

#6 2018-04-23 07:22:40

Ben
Moderator
From: Melbourne, Australia
Registered: 2012-09-29
Posts: 3,520

Re: GDPR

TTG is not working on this for existing products.  I'm not yet sure the best way to handle this, considering these are changing business requirements for a product already functionally complete.  Our pricing model simply can't cover retrospective updates to products that were fit-for-purpose at the time of sale. Perhaps a software bounty might work.

Offline

#7 2018-04-27 21:30:06

powerfulphotography
Member
From: Wembley
Registered: 2017-12-31
Posts: 51
Website

Re: GDPR

I know that Gravity Forms collects all user data and there are several GDPR plugins that will collect this data, making the whole process easier for a web developer to conform to these eu standards, I have used this method within WP, but I don't know how to get around this within the checkout backend of backlight.

Perhaps using Gravity Forms to collect user data on the next update could simplify things?


If at first, you don't succeed try, try then go to the forum.
https://powerfulphotography.co.uk/

Offline

#8 2018-04-28 07:41:11

Ben
Moderator
From: Melbourne, Australia
Registered: 2012-09-29
Posts: 3,520

Re: GDPR

Gravity Forms is a Wordpress plugin.  Backlight is not a Wordpress system, so I don't see how that would work.

Thinking through this, there aren't many holes left in Backlight for GDPR compliance:

* Clear inline GDPR terms with checkboxes can be added for both transactionless and paypal checkouts
* The contact form does not save data on the website, so should not be affected.  This instead only emails the contact details.
* Managed Client Response information is entered by the photographer/site owner.  I'm not sure how this point of data entry would need to comply, as it's not entered by the customer, so does not present an opportunity for a customer to agree to anything.
* Cart orders and CR responses can be deleted with the admin function

Where Backlight falls short then is in:

* Standalone client response submissions.  There is no facility for checkboxes or terms here.  I suggest for now that you don't use this function.
* Deep deletion of customer details from backups.  The brute force approach is to delete the sq3 files from backlight/data/cart/database_backups and backlight/data/client-response/database_backups.  I would imagine that a request from customers to remove data will be rare, so this isn't something you would be doing often.

Have I missed anything?

Offline

#9 2018-05-16 10:05:55

No_name
Member
From: Germany
Registered: 2016-07-14
Posts: 24
Website

Re: GDPR

Hallo,
Yes the European siteoperator have new private policies law.

- Whit the Clint response  Gallery, we can inform our clint’s before send the password.

- Whit the contact forms we mu’st have a check in (op in) button.

Ben can you help us this to realizing

Best regards

Offline

#10 2018-05-16 16:41:37

Ben
Moderator
From: Melbourne, Australia
Registered: 2012-09-29
Posts: 3,520

Re: GDPR

I’m not sure that the contact form is an issue. Nothing is saved on the server. What do you think?

Offline

#11 2018-05-16 21:23:34

rod barbee
Moderator
From: Port Ludlow, WA USA
Registered: 2012-09-24
Posts: 14,593
Website

Re: GDPR

From what I’ve read (admittedly little), I think it’s sign up forms (for newsletters, blog feeds, etc), that require an opt in.

As far as I can tell, the only ways TTG products collect/save/pass on any data are through a Google Analytics, Cart orders, and Client Response.


Rod 
Just a user with way too much time on his hands.
www.rodbarbee.com
ttg-tips.com, Pangolin test site, Backlight 1.1.1 test site

Offline

#12 2018-05-16 23:14:19

No_name
Member
From: Germany
Registered: 2016-07-14
Posts: 24
Website

Re: GDPR

I not taking about saving of the server

I want a checkbox before the Clint can send me a message about the contact form.

Is that possibil ?

Offline

#13 2018-05-17 00:30:58

rod barbee
Moderator
From: Port Ludlow, WA USA
Registered: 2012-09-24
Posts: 14,593
Website

Re: GDPR

Here’s an article specific to Google Analytics.
https://www.jeffalytics.com/gdpr-ip-add … analytics/


Rod 
Just a user with way too much time on his hands.
www.rodbarbee.com
ttg-tips.com, Pangolin test site, Backlight 1.1.1 test site

Offline

#14 2018-05-17 00:45:45

No_name
Member
From: Germany
Registered: 2016-07-14
Posts: 24
Website

Re: GDPR

here can see  my code for google anonym IP

http://community.theturninggate.net/vie … hp?id=8233

Additionally, I have signed a contract with Google for ‘order Processing’

What I know is op out in Germany. This is possible until 2019. We see what the futur say

Last edited by No_name (2018-05-17 01:05:42)

Offline

#15 2018-05-17 00:57:22

rod barbee
Moderator
From: Port Ludlow, WA USA
Registered: 2012-09-24
Posts: 14,593
Website

Re: GDPR

I’d forgotten about that thread, thanks for the reminder


Rod 
Just a user with way too much time on his hands.
www.rodbarbee.com
ttg-tips.com, Pangolin test site, Backlight 1.1.1 test site

Offline

#16 2018-05-17 01:29:54

Daniel Leu
Moderator
Registered: 2012-10-11
Posts: 931
Website

Re: GDPR

No_name wrote:

here can see  my code for google anonym IP

http://community.theturninggate.net/vie … hp?id=8233

If you are using the latest version of Backlight (and Wordpress Module), then anonymize IP is already implemented.


Daniel Leu | Photography   
DanielLeu.com

Offline

#17 2018-05-17 01:50:24

No_name
Member
From: Germany
Registered: 2016-07-14
Posts: 24
Website

Re: GDPR

I now the new backlight have implemented IP-anonymize
But a don’t know we can use with the  op out

Because of I use my code smile

Offline

#18 2018-05-18 09:29:06

No_name
Member
From: Germany
Registered: 2016-07-14
Posts: 24
Website

Re: GDPR

Hey Community,

I have a solution for the required checkbox on contact forms.

I have on the backlight seitting > contact forms > required fields label

Set-in following code

* Pflichtfelder<br><br><input type="checkbox" name="check-privet-police-ok" value=" " required> Sie erklären sich mit dem absenden damit einverstanden daß Ihre Daten zur Bearbeitung Ihres Anliegens verwendet werden. Weitere Informationen und Widerrufshinweise finden Sie in der <a target="_blank" href="https://mypicasso.de/impressum-datenschutz/">Datenschutzerklärung</a>.<br>

I hope it’s help you

Offline

Board footer

Powered by FluxBB