
GDPR Right to be forgotten


russell.huffer


I have had two requests under the new GDPR rules by two of our customers requesting to be forgotten, i.e. remove their data from my system. I am unable to delete them, getting a message saying these customers have placed orders so cannot be deleted.

Please advise how to remove them from CubeCart as I need to do this by UK law.

 

Kind regards

 

Russell.


There have been discussions about GDPR as it relates to CubeCart and eCommerce sites in general, in the effort to properly implement GDPR.

Given that I am no authority on GDPR, I don't have any definitive advice other than my opinion that CubeCart does sufficiently satisfy the requirements - only because I am not aware of any further discussions, or issues left "hanging", about any deficiencies in data scrubbing, or lack thereof. Thus, the task is finished.

My lousy understanding is that a merchant needs to keep intact the history of sales (taxes, and what-not). Also, again a lousy understanding, you may not use any data no longer necessary for critical business needs (needs that are not critical: advertising, marketing, feedback request, etc).

Personally, I had thoughts of scrambling personally identifiable data in Order Summaries by using a created fake name/account for this purpose. Also, CubeCart does not reveal to the public anyone else's account info, or even whether any other account exists (except product reviews).

What are your conclusions after having thought this through?

Also, what version of CubeCart are you running? A GDPR solution has been implemented in the most recent versions of CubeCart.


I believe that by law you must keep any transactional details for 6 years.

If you were audited by HMRC, and didn't have this information, then HMRC could come down on you like a ton of bricks.

 

My GDPR policy states:

'By law, we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.'

 

Based on this, I should go back to the customer, tell them that you are legally obliged to retain some data for 6 years, I guess this could be internal?, but you have no problems removing details from your web site.

Whatever you do, don't inadvertently send them any marketing stuff.

 


  • 2 weeks later...

Right, I have had meetings with fellow club members and CubeCart is NOT GDPR compliant. We state that we retain our records for ten years, however some of the records in my database are dated 2006 and so need removing, which I cannot find a way of doing, and there are too many to do manually. Also, GDPR states that you have to be able to remove / anonymise data if requested to do so; I can find no way of doing this either.

I have seen mention of GDPR tools. What are these and how do I access them? I am running the current version.

Kind regards

Russell.


I can only upgrade manually, so have done that for the last 6 plus times upgraded. So how do I get the tools?

Just had a look at the upgrade section: it was version 4 in 2012 but shows nothing before this, but my transactions go back to 2006, so it must be from an even earlier version to start.

 

Russell.


10 hours ago, russell.huffer said:

I can only upgrade manually, so have done that for the last 6 plus times upgraded. So how do I get the tools?

It is difficult to say without seeing your installation, but it is likely that you haven’t been doing the manual upgrades correctly, especially the files in the admin directory if/once your /admin directory was renamed so it was obfuscated.


2 hours ago, Al Brookbanks said:

Yes but the content is not necessarily right. Follow the upgrade instructions and it will be fine.

Followed the upgrade instructions on this site but just get the following message:

your store has already been upgraded no further action is nessacery

How do I make it fine, please advise.

 

Russell.

 


Please see: https://support.cubecart.com/Knowledgebase/Article/View/228/43/how-do-i-upgrade-from-cubecart-v6-to-latest-v6

On 10/17/2018 at 9:35 PM, russell.huffer said:

your store has already been upgraded no further action is nessacery

Sounds like all is ok now. You should see the GDPR tools now and if not then you haven't uploaded the files correctly. 


What a lot of people miss even when "following" those instructions is the following:

IMPORTANT: If your admin folder or admin.php file has been renamed please reflect these changes in the extracted package prior to uploading. These must correspond to the values specified in the includes/global.inc.php file.

And so still end up with multiple /admin directories and admin.php files with various names.


This is my global.inc.php file

<?php
$glob['adminFile'] = 'admin_m0gKrt.php';
$glob['adminFolder'] = 'admin_Fs0nS6';
$glob['dbdatabase'] = 'shopgla_ccrt1';
$glob['dbhost'] = 'localhost';
$glob['dbpassword'] = 'a1b2c3d4e5';
$glob['dbprefix'] = '';
$glob['dbusername'] = 'shopgla_store';
$glob['encoder'] = 'ioncube';
$glob['installed'] = '1';
$glob['cache'] = 'file';
?>

I assume that the adminfile is wrong and should read admin.php as I cannot find admin_m0gKrt.php anywhere.

 

Russell.

 


The name of the admin script file and the admin folder name must match the values of the related variables present in the global.inc.php file.

We recommend names having the variant with the hash component as this makes it harder for unauthorized persons to attempt to gain access.

 


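An added example, not part of the original thread and not CubeCart's own code: a Python check for the mismatch discussed above. It reads the adminFile and adminFolder values from includes/global.inc.php, reports targets that are missing on disk, and lists leftover admin* scripts and folders in the store root. The function names and report layout are assumptions made for this sketch, and it assumes the single-quoted assignment form shown in the posted file.

```python
import re
from pathlib import Path

# Matches $glob['adminFile'] = '...'; and $glob['adminFolder'] = '...';
GLOB_RE = re.compile(r"\$glob\['(adminFile|adminFolder)'\]\s*=\s*'([^']*)'")


def read_admin_names(store_root):
    """Return the admin script and folder names set in includes/global.inc.php."""
    text = (Path(store_root) / "includes" / "global.inc.php").read_text()
    return dict(GLOB_RE.findall(text))


def audit_admin_paths(store_root):
    """Compare what is on disk with what global.inc.php expects."""
    root = Path(store_root)
    names = read_admin_names(root)
    want_file, want_dir = names.get("adminFile"), names.get("adminFolder")
    report = {"missing": [], "stray": []}
    if not want_file or not (root / want_file).is_file():
        report["missing"].append(want_file or "adminFile (not set)")
    if not want_dir or not (root / want_dir).is_dir():
        report["missing"].append(want_dir or "adminFolder (not set)")
    # Anything else named admin* in the store root is a leftover from an
    # upload where the extracted package was not renamed first.
    for entry in sorted(root.glob("admin*")):
        is_script = entry.is_file() and entry.suffix == ".php"
        if (is_script and entry.name != want_file) or (
            entry.is_dir() and entry.name != want_dir
        ):
            report["stray"].append(entry.name)
    return report


if __name__ == "__main__":
    import sys

    result = audit_admin_paths(sys.argv[1] if len(sys.argv) > 1 else ".")
    for name in result["missing"]:
        print("MISSING (named in global.inc.php):", name)
    for name in result["stray"]:
        print("STRAY (not referenced, review and remove):", name)
```

Run it with the store root as the only argument; a stray default-named admin folder both undoes the renaming and may hold files from an older release.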
Archived

This topic is now archived and is closed to further replies.
