GDPR TL;DR (Too Long; Didn't Read)

Posted by Paul on March 16, 2018

There's a lot of talk lately of the new EU GDPR rules that come in to force in May 2018, and we've been asked by several clients for advice.

The GDPR rules are well-intentioned and are there to protect the consumer - I get far too much spam and would love to see this reduced, but the rules are very high-level and can be quite vague which makes compliance especially difficult for the small business without their own legal team.

Unfortunately (or fortunately as the case may be!) Antropy is a web agency, not a law firm, and we aren't able to give legal advice but I have tried to simplify some of the guidelines in simple language below and mentioned a few areas where it may affect OpenCart store owners at the end.

The original 12 (somewhat unclear) guidelines come from the ICO who are in charge of enforcing the rules and they can be found here:
https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf

So, what exactly do you have to do:

Email the main people in your company telling them there are new data protection laws coming in to force from 25th May 2018 called the GDPR (General Data Protection Regulation).
Document what personal data you hold, where it came from and who you share it with. If you have inaccurate personal data and have shared this with another organisation, you will have to tell the other organisation about the inaccuracy so it can correct its own records. GDPR requires organisations to be able to show how they comply with the data protection principles by having written processes and procedures.
If you store personal data you will need to add to your Privacy Policy explaining your lawful basis for processing the personal data and your data retention periods.
Individuals must be able to control their own data by being able to access it, change it and have it removed at no cost.
This seems to be a duplicate of 4.
This seems to be a duplicate of 3.
If you want to contact people or use their data, they have to actively opt-in rather than not opt-out.
If children use your website, you will need their parents' permission to store their data.
You should monitor your computers and websites for data breaches and notify the ICO as soon as you know there has been one.
Your systems must be designed to be secure from the ground up - no more emailing credit card details as some people used to do!
You should designate someone to take responsibility for data protection compliance.
If your organisation operates in more than one EU member state, you should determine your lead data protection supervisory authority (where your HQ is) and document this. In the UK this is the ICO.

In a nutshell: take extra care of any personal data you keep, the end user has control of their data, don't spam people, make sure your employees and customers know about GDPR, appoint someone to be responsible for personal data, make sure your systems and processes refer to GDPR and are secure.

Does everything have to be encrypted?

The above linked document doesn't mention encryption but more detailed documents on GDPR do and they go as far as to say that personal data should be encrypted and the key to the encryption not stored with the data. While OpenCart only stores encrypted passwords, it would not be possible for OpenCart (or indeed pretty much any other website) to work if data had to be encrypted and the key not used. So it's probably safe to ignore that one until further guidance appears.

Specifics for OpenCart

In the checkout, make sure you don't automatically subscribe people to your newsletter.
Mention GDPR in your Privacy Policy.
Delete customers if they ask you to, unless you have a lawful reason to keep their data such as to maintain legal accounting records.
Make sure your webhost has anti-malware software running and regularly check your website for malware with something like Sucuri. Notify the ICO (if you have a UK HQ only) if you find anything by clicking here.
Use SSL.

Final Thoughts

Again, I'm not qualified to give legal advice and the above is offered without any guarantees, but hopefully it may be helpful as a starting point.

The GDPR does seem like a bit of a pain for the small business because it's not very specific and requires interpretation to translate it in to specific steps and these are somewhat subjective.

However, I think it's very unlikely that the ICO would punish any business that has made a genuine effort to comply.

What do you think of the GDPR? Is anything still unclear? Let us know in the comments!

blog comments powered by Disqus

Testimonials

Antropy not only gave freely of their time to talk with me, they had the patience to teach me as we went along. They came up with various ideas that allowed me to choose what I liked best and with their guidance we got exactly the website we dreamed about.

David, RC Geeks

Always helpful and extremely responsive to any request and once the project has been rolled out they continue to assist you with great help and advice to make the most of your website

Jamie Chandler, Newvotek

Thank you all for the hard work, it has paid off, it looks good. The logo is great to promote the practice and the website we can be proud of. Thank you again.

Biddy Arnott, Group Analytic Practice Ltd

Taken on both smaller and large projects to a very high standard. Delivered on time, with a professional level of service. Always better than we envisioned. Staff are always ready to help with any issues we have. Really pleased with the results of Antropy, and hopefully we can do more business together in the future!

Josh, Toyland Toyshop

We found Antropy to be very responsive and approachable to work with. They gladly took our own designs and transformed them into an easy-to-manage website. Communication was easy and any requests for change were promptly done. Many thanks for the work!

John Caiger, Matraxis

Merged two previously HUGE separate sites (website and webstore) into one streamlined website with integrated store, with improved social media and mailing list results. Joe helped communicate complicated jargon into simpler terms, solved issues/queries quickly, and the follow up support has been invaluable.

Jo, Cold Spring Records

Excellent work, delivered in a friendly and consultative way throughout the whole process. For a small company such as my own it was great to be guided through the process, and all my requests were responded to and I felt involved from start to finish.

Phil Saville, Rook Systems

We are really delighted with the finished product, it has far exceeded our expectations... Many thanks again for your support and setting up what I feel is the best Alzheimer's website in the country.

Lynne, MK Alzheimer's

Just wanted to say a big thank you for all your help and support thus far. You've been absolutely brilliant. You've given me absolute confidence that when there is a problem it is sorted which really gives me peace of mind.

Tracy, FLUX

We worked with Antropy on our new webshop at kikgoes.nl in the past months. We have enjoyed working with them because of their extensive knowledge of Opencart and the rapid pace of development. We regularly added requirements to the projects and we've never had anything that couldn't be done. We look forward to working with Antropy again for new projects or adjustments to our webshop!

Joël van Daalen, Kik Cycleparts

The deliveries are now incredibly clear and there is no more admin work on this side which is excellent. It’s amazing really and I think our customers enjoy knowing exactly when they are getting it unlike nearly every other furniture company out there! Thanks for this.

Jonathan Haskins, Get Laid Beds

After many years of trying to update my website, dealing with problematic code, delays, etc, I found Antropy about 10 years ago. I can not say enough great things about the quality of their coding and stability of my website along with the professionalism of their staff. I now have a well functioning website that has stood the test of time. Our site is an e-commerce site so that having it up and running is crucial to our business. On the rare occasion that there is a problem with the site, Antropy's team is quick and responsive to finding the problem and fixing it quickly.

Lynn Reznick, Off The Mark

Thanks for your hard work, it's very much appreciated.

Colin Farndale, CJF Motorcycles

Wow, I am speechless. Thank you so much, this is perfect !!!! Thank you, thank you !!!

Marios Pantelli, Sewing Machine Company

Thanks again for all your hard work on the 3D renders … the results have been fantastic and I look forward to working together again in the future.

Kim, Kimberley-Jane: Design

We recently started using Antropy for our OpenCart website as internal IT is swamped and we needed back up and they have been great. Work is quick and efficient, we never need to ask for something twice and communication is good. Gives us confidence that when we need something to be done, it will be and to a high standard.

Dominic Old, The Wasabi Company

Good to work with, very straight forward

Grant Berry, Home World

Very impressed with the quick service! There is nothing more we need help with right now but we would certainly use you in the future for other issues or alterations we may have. Thank you very much!

Jemma, Aquafayre

Excellent company with outstanding knowledge of opencart and how to get the best from it. If you are looking for a reliable and professional company to work with I wouldn't hesitate to recommend these guys.

Ashley Morrison, Lockertek

Firstly, thanks ever so much to you and your team for getting these two sites up and running. It’s a pleasure to work with people who are so helpful and responsive to our requirements. We’re very happy with both sites and all seems to be working fine.

Aidan, Nauticalia

GDPR TL;DR (Too Long; Didn't Read)

Does everything have to be encrypted?

Specifics for OpenCart

Final Thoughts

Testimonials

Services

About

Contact

Social