
GDPR

A
89 posts
Thu Feb 08, 18 3:02 PM CST
Hi Tim

I'm not sure how aware you are of the European General Data Protection Requirement (GDPR), but it comes into force across the UK and Europe in May.

One of the important aspects of GDPR is that all 3rd party suppliers that hold client details need to be GDPR compliant too. Online gallery software, database software, accounting, etc. Even if you are complying, if your providers aren't - including website hosting - photographers can be fined.

I wondered if you were aware, and if so are you making any changes to the software.

Thanks
Allan

16,148 posts (admin)
Fri Feb 09, 18 10:15 AM CST
This is the first I have heard of it and I have been reading up on it. Sytist is running on your hosting and none of your customers' data is stored anywhere else.

There might be some things I will want to add, such as "right to be forgotten". You can delete a customer account now, but may need to be able to wipe out customer information from orders without deleting the orders.

I will be doing more research on it.
Tim Grissett, DIA - PicturesPro.com
My Email Address: info@picturespro.com
T
357 posts
Fri Feb 09, 18 1:37 PM CST
It's an approaching nightmare, and might turn out to be another law with huge unintended consequences.

I guess an important part is hacking. Are customer details encrypted at all using Sytist?
Edited Fri Feb 09, 18 1:43 PM by Trailboy
A
89 posts
Fri Feb 09, 18 3:07 PM CST
Thanks Tim, it's being talked about a lot in business and photography forums in the UK, so I thought it was worth flagging it up.
M
296 posts
Fri Feb 09, 18 5:38 PM CST
It might be less of an issue than many firms charging for training are making it out to be. The biggest point is having a GDPR info page on its own, and as most photographers are not passing the data to a 3rd party there is generally no reason to register if you use the checker tool on the ICO website.

Mailing list is already an explicit opt in so that is a good thing.

Case law will decide.

What I have written here is based upon conversations with experts in the field of GDPR, but that does not make my comments expert.

Mike
C
127 posts
Wed Feb 14, 18 8:28 AM CST
One of the focus points of GDPR seems to be the retention of customer data. From what I understand, the only key reasons why you should be retaining customer data are to fulfil a contract or a legal obligation. In the UK we need to keep accounts details for a period of 7 years - and I would imagine that any form of order tracking / records would probably come under the "legal" category. However we have a LOT of customers on our database who have not purchased, or logged on for a considerable time. Therefore is there any plan for Sytist to have a facility to "cull" these customers in bulk, based on date of order placed (maybe not a current issue as Sytist hasn't been going for 7 years...) or period of inactivity (i.e. no log-ons), or date of registration? I know that they can be individually removed, but when there are thousands of registrations that method is impractical.
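Tim's idea earlier in the thread (strip the customer details from orders but keep the order rows) and the bulk cull by inactivity asked for in the post above, shown together as an added example that is not Sytist's code: the schema is hypothetical and the customers and orders are constructed sample data.

```python
import sqlite3
from datetime import datetime, timedelta

# Hypothetical schema loosely modelled on a gallery shop; not Sytist's real tables.
SCHEMA = """
CREATE TABLE customers(id INTEGER PRIMARY KEY, email TEXT, name TEXT,
                       registered TEXT, last_login TEXT);
CREATE TABLE orders(id INTEGER PRIMARY KEY, customer_id INTEGER, email TEXT,
                    name TEXT, address TEXT, placed TEXT, total REAL);
"""

def open_db():
    """In-memory database filled with constructed sample customers and orders."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO customers VALUES (?,?,?,?,?)", [
        (1, "ann@example.com", "Ann", "2012-03-01", "2018-02-01"),
        (2, "bob@example.com", "Bob", "2013-06-10", "2013-06-10"),
        (3, "cat@example.com", "Cat", "2016-01-05", "2016-01-05"),
    ])
    db.executemany("INSERT INTO orders VALUES (?,?,?,?,?,?,?)", [
        (10, 1, "ann@example.com", "Ann", "1 High St", "2018-01-20", 45.0),
        (11, 2, "bob@example.com", "Bob", "2 Low Rd", "2013-06-11", 20.0),
    ])
    return db

def erase_customer(db, customer_id):
    """Right to erasure: delete the account and overwrite the personal fields on
    its orders, keeping the order rows (date, total). Returns rows anonymised."""
    cur = db.execute(
        "UPDATE orders SET email='[erased]', name='[erased]', address='[erased]' "
        "WHERE customer_id=?", (customer_id,))
    db.execute("DELETE FROM customers WHERE id=?", (customer_id,))
    db.commit()
    return cur.rowcount

def cull_inactive(db, today, inactive_years):
    """Bulk retention: erase every account whose last login is older than the
    window and that placed no order inside it. `today` is 'YYYY-MM-DD'."""
    now = datetime.strptime(today, "%Y-%m-%d")
    cutoff = (now - timedelta(days=365 * inactive_years)).strftime("%Y-%m-%d")
    rows = db.execute(
        "SELECT id FROM customers c WHERE last_login < ? AND NOT EXISTS "
        "(SELECT 1 FROM orders o WHERE o.customer_id=c.id AND o.placed >= ?) "
        "ORDER BY id", (cutoff, cutoff)).fetchall()
    culled = [cid for (cid,) in rows]
    for cid in culled:
        erase_customer(db, cid)   # account gone, its orders stay anonymised
    return culled
```

Running `cull_inactive(open_db(), "2018-05-25", 2)` removes the two dormant accounts while both order rows survive with their totals and dates intact.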
M
296 posts
Wed Mar 21, 18 7:18 AM CST
Essential information that we need to add into the system is that the customer has opted in and the date they opted in.

It would be great to have a system like a splash page that collects this from existing and new customers, and on subsequent visits just states a reminder that they have done this.

This will become ever more important as we approach the 25th May, when we must be compliant.

Mike Weeks
A
55 posts
Thu Mar 22, 18 8:39 AM CST
I agree with Mike regarding a splash page; I used to have that option on Photocart but cannot see it on Sytist. A customisable splash page that requires customers to log in, and a tick box allowing them to "opt in" and save their data. We could then add text with a brief GDPR outline and a link to the full declaration sub page.
G
36 posts
Sat Mar 24, 18 10:55 AM CST
Hi Tim,

As others are stating, we very much need to be on top of the GDPR requirements. One possible solution, rather than having a splash page, would be for us to be able to configure the account creation page to include the necessary opt-in questions, including a link to our privacy statement and acceptance of the same. Further, it would be extremely helpful if there were an automatic splash page to challenge returning customers when logging into their accounts to complete the same opt-in form, to ensure that we have the same compliance for old customers. Once completed, that splash page would not appear the next time they log in.

Important to note too Tim, that you will also be required to comply with GDPR as you are interacting with residents of the European Union. The GDPR has global implications, not just within the EU.
T
357 posts
Thu Apr 12, 18 2:32 AM CST
I suppose it had to happen sooner or later.

A client has demanded evidence and a demonstration that I am fully GDPR compliant for them to continue to use my services.

I'm in the process of writing a specific FAQ question and an updated privacy policy.

One question that I asked earlier and has not been answered is: are customer details and personal information encrypted on the server?
I'm not 100% sure it's GDPR mandatory, but it would prove that we value customers data.

Edit 1 - I think under Article 5 f it probably is: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/principles/

As stated earlier, we also need an agreement tick box at the 'create an account' and login page with link to privacy policy and to get their permission to hold their details and contact them. This might come under 'assumed', but better explicit. I don't 'market' to account holders, so any contact regards their actual order anyway.

I think a few schools are going to refuse to give me a pupil data list this coming year until all this settles down, as I'm friendly with several headmasters/mistresses. So no SIMS discs for them and I'm back to Pupil001, Pupil002 etc. This is going to make customer services more difficult.

Edit 2 - I'm going through customer details, and I've just noticed that one customer has used the + symbol as part of their gmail address. My customers are more data protection savvy than I give them credit for.
Edited Thu Apr 12, 18 5:12 AM by Trailboy
16,148 posts (admin)
Sat Apr 14, 18 6:05 AM CST
From what I have read it is not required to encrypt customer information. Their passwords are already encrypted.

And I don't think you need an option for them to check to hold their details. They are creating an account so that would be assumed. You do need an option for them to check if you are going to remarket to them. With the mailing list option in Sytist in People -> Mailing List Settings, there is an option for "Enable Join At Checkout & Create Account" and then the default status. That default status has to be set to unchecked for GDPR. The customer has to check that option themselves.
Tim Grissett, DIA - PicturesPro.com
My Email Address: info@picturespro.com
This reply was deleted.
12 total messages
This post has been viewed 1,497 times