Hello
We're running nopcommerce version 4.0 with the Emporium theme and have some problems with GDPR and cookie settings.
I've tried installing GDPR Plugin (https://www.nopcommerce.com/en/gdpr-plugin), but it doesn't work correctly with our theme.
The only cookie settings I can find in nopcommerce is to enable or disable the pop-up box, which doesn't make it legal according to GDPR.
Do I have to install other plugins or update nopcommerce to a newer version to fix these problems?
GDPR and Cookies
- 5
- 25
- 10/17/2018
- Denmark
Thank you for your answer.
Our problem is that we have a very specialized/modified installation and our web bureau estimates that it will take approximately two weeks to update nopcommerce. Which would be very, very expensive.
That's why we're looking for cheaper options to try to be more legal according to GDPR and cookies :-)
Our problem is that we have a very specialized/modified installation and our web bureau estimates that it will take approximately two weeks to update nopcommerce. Which would be very, very expensive.
That's why we're looking for cheaper options to try to be more legal according to GDPR and cookies :-)
- 174
- 1361
- 4/14/2011
- Ukraine
I am not a legal expert especially not in Danish law*, so don't rely upon me. I would do the following in your place.
I would reuse some other settings to ask for GDPR consent from your customers. You can rename the cookie thing to whatever you like in the language resources strings data. And you can also use the Newsletter consent (if you are not actively using the newsletter feature) just rename the text on screen it to whatever GDPR consent you want to be ask for. (look it up on other websites for the exact text you need)
GDPR allows you to do the actual operations manually, nowhere it is required to be done in software and in real time, if you have the user's consent you act accordingly, and if you don't you can do it the other way and have a reasonable time for it. For example, in a rare a customer asks to delete his data, it is not a requirement your software does it in 17.47 milliseconds, it is completely legal if you do it in a reasonable time, like in 24-48 hours manually editing your database.
The only publicly visible thing of GDPR is when you ask for consent to process and store your users data, if you have it (a checkbox with stored result like renamed Newsletter will do) all else can be done in a GDPR-conform way within your current means and authority.
*we run a webshop in Germany with a very law-obeying nation and habits, the most we have to fear from is the so called 'Abmahnung' . These are racket-like legal request coming from money-hungry lawyers wo misuse this feature of the German law, these can be based on that you allegedly made advantage for your business with not complying to some rule (there are way to many!) and this can cost you thousands of Euros. (do you have a similar thing in Denmark?) A checkbox and some GDPR bla-bla is enough to repel them.
I would reuse some other settings to ask for GDPR consent from your customers. You can rename the cookie thing to whatever you like in the language resources strings data. And you can also use the Newsletter consent (if you are not actively using the newsletter feature) just rename the text on screen it to whatever GDPR consent you want to be ask for. (look it up on other websites for the exact text you need)
GDPR allows you to do the actual operations manually, nowhere it is required to be done in software and in real time, if you have the user's consent you act accordingly, and if you don't you can do it the other way and have a reasonable time for it. For example, in a rare a customer asks to delete his data, it is not a requirement your software does it in 17.47 milliseconds, it is completely legal if you do it in a reasonable time, like in 24-48 hours manually editing your database.
The only publicly visible thing of GDPR is when you ask for consent to process and store your users data, if you have it (a checkbox with stored result like renamed Newsletter will do) all else can be done in a GDPR-conform way within your current means and authority.
*we run a webshop in Germany with a very law-obeying nation and habits, the most we have to fear from is the so called 'Abmahnung' . These are racket-like legal request coming from money-hungry lawyers wo misuse this feature of the German law, these can be based on that you allegedly made advantage for your business with not complying to some rule (there are way to many!) and this can cost you thousands of Euros. (do you have a similar thing in Denmark?) A checkbox and some GDPR bla-bla is enough to repel them.