Jump to content
russell.huffer

GDPR Right to be forgotten

Recommended Posts

I have had two requests under the new GDPR rules for two by two of our customers requesting to be forgotten, ie remove their data from my system. I am unable to delete them getting a message saying these customers have placed orders so can not delete.

Please advise how to remove them from cubecart as I need to do this by uk law.

 

Kind regards

 

Russell.

Share this post


Link to post
Share on other sites

There have been discussions about GDPR as it relates to CubeCart and eCommerce sites in general, in the effort to properly implement GDPR.

Given that I am no authority on GDPR, I don't have any definitive advice other than my opinion that CubeCart does sufficiently satisfy the requirements - only because I am not aware of any further discussions, or issues left "hanging", about any deficiencies in data scrubbing, or lack thereof. Thus, the task is finished.

My lousy understanding is that a merchant needs to keep intact the history of sales (taxes, and what-not). Also, again a lousy understanding, you may not use any data no longer necessary for critical business needs (needs that are not critical: advertising, marketing, feedback request, etc).

Personally, I had thoughts of scrambling personal identifiable data in Order Summaries by using a created fake name/account for this purpose. Also, CubeCart does not reveal to the public anyone else's account info, even that if any other account exists (except product reviews).

What are your conclusions after having thought this through?

Also, what version of CubeCart are you running? A GDPR solution has been implemented in the most recent versions of CubeCart.

Edited by bsmither

Share this post


Link to post
Share on other sites

I'm no lawyer but I think that if a financial transaction has taken place then you have to keep this data for X amount of years. On those grounds they can't be forgotten.

You could anonymise their account (change name, email etc to something fictional).

Share this post


Link to post
Share on other sites

I believe that by law you must keep any transcational details for 6 years.

If you were audited by HMRC, and didn't have this information, then HMRC could come down on you like a ton of bricks.

 

My GDPR policy states:

'By law, we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.'

 

Based on this, I should go back to the customer, tell them that you are legally obliged to retain some data for 6 years, I guess this could be internal ?, but you have no problems removing details from your web site.

What ever you do, don't inadvertantly send them any marketting stuff.

 

Share this post


Link to post
Share on other sites

Right I have had meetings with fellow club members and cubecart is NOT GDPR complient, we state that we retain our records for ten years, however some of the records in my database are dated 2006 and so need removing, which I can not find a way of doing and there are to many to do manually. Also GDPR states that you have to be able to remove / anomanise data if requested to do so, I can find no way of doing this either.

I have seen mention of GDPR tools, what are these and how do I access them, I am running the current version.

Kind regards

Russell.

Edited by russell.huffer

Share this post


Link to post
Share on other sites

You can do all this on the latest version. It has purge tools and look up tool. Once you have looked up an account you can edit manually to anonymise.

Share this post


Link to post
Share on other sites

There should be no need to anonymise accounts - for the GDPR tools look at Customers and then the "GDPR Tools" tab !

Share this post


Link to post
Share on other sites
10 minutes ago, russell.huffer said:

Sorry but I do not have GDPR tools in customers or anywhere else, please advise.

 

Russell.

Then your store is not at the latest version or is a mix of version code. I'd suggest upgrading manually. 

Share this post


Link to post
Share on other sites
39 minutes ago, Al Brookbanks said:

Then your store is not at the latest version or is a mix of version code. I'd suggest upgrading manually. 

Agreed - almost certainly a partially failed upgrade and using old admin files

Share this post


Link to post
Share on other sites

I can only upgrade manually, so have done that for the last 6 plus times upgraded. so how do I get the tools.

Just had a look at the upgrade section was version 4 in 2012 but shows nothing before this but my transactions go back to 2006 so must be from even earlier version to start.

 

Russell.

Share this post


Link to post
Share on other sites
10 hours ago, russell.huffer said:

I can only upgrade manually, so have done that for the last 6 plus times upgraded. so how do I get the tools.

It is difficult to say without seeing your installation but it is likely that you haven’t been doing the manual upgrades correctly especially the files in the admin directory if/once your /admin directory was renamed so it was obsfucated

Share this post


Link to post
Share on other sites
1 minute ago, russell.huffer said:

so should I not have an admin and an admin***** directory then.

 

Russell.

Yes but the content is not necessarily right. Follow the upgrade instructions and it will be fine.

Share this post


Link to post
Share on other sites
2 hours ago, Al Brookbanks said:

Yes but the content is not necessarily right. Follow the upgrade instructions and it will be fine.

Followed the upgrade instructions on this site but just get the following message

your store has already been upgraded no further action is nessacery

How do I make it fine, please advise.

 

Russell.

 

Share this post


Link to post
Share on other sites

Please see: https://support.cubecart.com/Knowledgebase/Article/View/228/43/how-do-i-upgrade-from-cubecart-v6-to-latest-v6

On 10/17/2018 at 9:35 PM, russell.huffer said:

your store has already been upgraded no further action is nessacery

Sounds like all is ok now. You should see the GDPR tools now and if not then you haven't uploaded the files correctly. 

Share this post


Link to post
Share on other sites

What a lot of people miss even when "following" those instructions is the following

IMPORTANT: If your admin folder or admin.php file has been renamed please reflect these changes in the extracted package prior to uploading. These must correspond to the values specified in the includes/global.inc.php file.

And so still end up with multiple /admin directories and admin.php files with various names 

Share this post


Link to post
Share on other sites

This is my global.inc.php file

<?php $glob['adminFile'] = 'admin_m0gKrt.php'; $glob['adminFolder'] = 'admin_Fs0nS6'; $glob['dbdatabase'] = 'shopgla_ccrt1'; $glob['dbhost'] = 'localhost'; $glob['dbpassword'] = 'a1b2c3d4e5'; $glob['dbprefix'] = ''; $glob['dbusername'] = 'shopgla_store'; $glob['encoder'] = 'ioncube'; $glob['installed'] = '1'; $glob['cache'] = 'file'; ?>

I assume that the adminfile is wrong and should read admin.php as I can not find admin_m0gKrt.php anywhere.

 

Russell.

 

Share this post


Link to post
Share on other sites

The name of the admin script file and the admin folder name must match the values of the related variables is present in the global.inc.php file.

We recommend names having the variant with the hash component as this makes it harder for unauthorized persons to attempt to gain access.

 

Share this post


Link to post
Share on other sites

 

Right so have now changed name of admin files and directorys and clear cache and GDPR tools now show up and work really well.

All problems that I have seen with this software have been caused by upgrades, you really need to work in this area.

Russell.

Edited by russell.huffer

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×