GDPR compliance - Post ID 280188

User 130413 Photo


Ambassador
25 posts

The General Data Protection Regulation (GDPR) applies from 25 May 2018 within the EU, so I wanted to know what the implications are for the software I use from coffeeCup such as the shopping cart and form builder. My take on the areas that will hit webmasters within the eu are as follows:

Contact form design
Marketing 'opt-in' forms design
Privacy notices (often referred to as Privacy policies)
Website security - encryption (SSL)
Cookie consent
Data breaches and your obligations
Processing data of under 18's

Are there any plans to incorporate GDPR compliance into software (yes I am a lazy designer)?
User 122279 Photo


Senior Advisor
11,498 posts
Online Now

I think it would be better if you open a support ticket for your question. The CC staffers don't always read the forum posts.

But I would think that it would be the responsibility of every individual/company that keeps customer/client details to make sure they follow the new regulations.

Maybe CC could put together a support article that gives advice about the GDPR, as it doesn't just concern people/companies within the EU, but also those from other countries that have EU residents as customers/clients. CC themselves, e.g.
Ha en riktig god dag!
Inger, Norway
My new honey site, built with RFF: http://www.horgenhonning.net/
Component sharing for RFF, RBB, RSD and SD: http://www.horgenhonning.net/sharing/


User 362156 Photo


Registered User
39 posts

"But I would think that it would be the responsibility of every individual/company that keeps customer/client details to make sure they follow the new regulations. "

I guess you are right Inger, but what about form output that is stored on the S-drive? Contact forms contain client data which raises the question of SSL- encryption and data storage. In the end this is still the responsability of the individual company, but I wonder if Coffeecup should be considered a Data Processor? In that case we would need a Terms of Service document describing these details. We could then refer our clients to this document.

Following your advise I will submit a separate support ticket.
User 187934 Photo


Senior Advisor
18,102 posts

If you have EU customers you need to comply.
I can't hear what I'm looking at.
It's easy to overlook something you're not looking for.

Here's my S-Drive site with
examples of what can be accomplished in VSD.
http://progrower.coffeecup.com/
Here's my CoffeeCup SCCP Shop with examples of what can be done.
http://progrower.coffeecup.com/shop/
This is a site I built for my work.(RSD)
http://esmansgreenhouse.com
This is a site I built for use in my job.(HTML Editor)
https://pestlogbook.com
This is my personnel site used for testing and as an easy way to share photos.(RLM imported to RSD)
http://ericrohloff.com
http://ericrohloff.com/property/
User 235071 Photo


Registered User
110 posts

Johan wrote:
"But I would think that it would be the responsibility of every individual/company that keeps customer/client details to make sure they follow the new regulations. "

I guess you are right Inger, but what about form output that is stored on the S-drive? Contact forms contain client data which raises the question of SSL- encryption and data storage. In the end this is still the responsability of the individual company, but I wonder if Coffeecup should be considered a Data Processor? In that case we would need a Terms of Service document describing these details. We could then refer our clients to this document.

Following your advise I will submit a separate support ticket.


doesn't CoffeeCup have a Terms of Service document?

and even if it does, I'd imagine this wouldn't mean you, the site owner, would not also need a Terms of Service document, as well as a Cookies Policy, and a Privacy Policy -- and this would also, I'd imagine, need to include statements in that / those policies covering third-party collection of "data" -- this would include even basic data collection such as Google Analytics. That is, even for a non-commercial site you'd need these things -- read for all site visitors, not just "customers" in the country where you are.
Fortunately, if you look around, there's a number of places where you can get templates covering these things that are available cheaply, some even free -- but they always advise you to carefully check them to make sure they cover your specifics.
All of which, as you suggest, means SSLs etc etc should at least be considered by us all -- and again, there're a variety of these at a variety of prices, with different levels of security, and price not always being a good indicator of actual level of security. But, again, if you look around most hosting providers provide some degree of support in this area -- some even have the cost included as part of your hosting fees.
User 362156 Photo


Registered User
39 posts

Hi Russell, I absolutely agree with you on the fact that is the responsability of the site owner to make sure his website and data collection are GDPR compliant. This involves putting your own cookie and privacy policy in place. However, many of us use thirds parties such as Google Analytics or Coffee Cup to analyse, process or store customer data. As part of your own policies you would have to disclose these parties to the clients and describe their ToS to the clients. In most cases a simple link to the ToS document would be sufficient.
I assume Coffeecup will have a ToS document, I have just submitted a ticket to ask them.

Have something to add? We’d love to hear it!
You must have an account to participate. Please Sign In Here, then join the conversation.