
Forum Moderators: buckworks


GDPR - seriously?

     
12:40 pm on May 5, 2018 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 5, 2002
posts:1864
votes: 5


I'm worried about the GDPR changes being put into place in Europe. My online store in the US ships to Europe. We don't collect any customer info besides default server logs and billing/shipping addresses and emails. I'm not in a position to do any more programming right now, but if I don't set this up I will be fined $20,000,000 per European customer?
1:21 pm on May 5, 2018 (gmt 0)

Preferred Member

Top Contributors Of The Month

joined:Mar 25, 2018
posts:500
votes: 101


Not exactly, except if you are a big company.

What can happen is that, at some point, the EU can come after you to point out what you are failing to do to be compliant with the GDPR. If you are clearly not making efforts to be compliant, then, yes, you can start getting into trouble.

Also, it all depends on what you are doing with this data. For example, if you are selling it or sharing it with third parties, then this will be a source of problems.

Now, if one day your database is hacked and leaked, then you can also get serious problems over the data concerning your EU clients, if you were not compliant with the GDPR.

Now about the fine, this is "up to" 4% of your global turnover or 20 million euros. But that is the maximum possible. So, except if you are Google, Facebook, Microsoft, Twitter, etc., you will not be fined 20 million.

NB: businesses had 6 years to work on the GDPR and adapt their processes, or at least 2 years, since the moment the text was definitive.
6:27 pm on May 5, 2018 (gmt 0)

Junior Member

joined:Mar 14, 2014
posts: 68
votes: 7


Who cares about this BS? Do you think that someone is going to sue you?
I just ignore all these stupid rules. My websites are also in the US!
6:32 pm on May 5, 2018 (gmt 0)

Preferred Member

Top Contributors Of The Month

joined:Mar 25, 2018
posts:500
votes: 101


rules

These are not "rules".
7:25 pm on May 5, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 891


We don't collect any customer info besides default server logs

@Tonearm - read here: GDPR & Log Data Storage [webmasterworld.com]
9:45 am on May 6, 2018 (gmt 0)

Preferred Member

Top Contributors Of The Month

joined:Mar 25, 2018
posts:500
votes: 101


We don't collect any customer info besides default server logs and billing/shipping addresses and emails.

"don't collect", but in fact you do collect a lot of personal info. (Name, address and email are the basis of personal information.)
4:53 pm on May 7, 2018 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member piatkow is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 5, 2006
posts:3450
votes: 60


As I understand it you can collect the necessary information for the fulfillment of an order and hold that information for reference. You cannot capture additional information or use it for other purposes without explicit permission.
5:08 pm on May 7, 2018 (gmt 0)

Preferred Member

Top Contributors Of The Month

joined:Mar 25, 2018
posts:500
votes: 101


Yes, piatkow is right.

When data is collected, you/we have to inform the user what we collect and for what purpose (and if we share the data with third parties). The user agrees implicitly or explicitly to this (depending on the kind of data collected and its purpose). Then, you do not have the right to do anything different with this data. If you want to do something else, you have to obtain the user's agreement again (which makes sense).