OpenMage / magento-lts

Official OpenMage LTS codebase | Migrate easily from Magento Community Edition in minutes! Download the source code for free or contribute to OpenMage LTS | Security vulnerability patches, bug fixes, performance improvements and more.
https://www.openmage.org
Open Software License 3.0

Apply GDPR rules to magento #362

Closed inluxc closed 6 years ago

inluxc commented 7 years ago

What do you guys think about GDPR in Magento? It's going to be a big thing in the EU: http://www.eugdpr.org/

How should we approach this as (core / optional) or as a module? Basically, we have to encrypt the customer's data in the database and every communication with the customer has to be consent.

TODO's

tmotyl commented 7 years ago

I'm quite up to date with the topic, and you're right, it is a big thing in the EU. However, it's not a hard requirement to encrypt customer data in the DB. There are other, more important requirements which might require changes in Magento, e.g. "right to be forgotten".

inluxc commented 7 years ago

We should do a list of all things we need to do.

colinmollenhour commented 7 years ago

As M1 is not EOL yet it would be interesting to see if anything is done about this in upstream and in CE specifically...

colinmollenhour commented 7 years ago

Encryption should probably just be handled by the database or filesystem layer. Handling it in the app would be very ugly. E.g.: https://dev.mysql.com/doc/refman/5.7/en/innodb-tablespace-encryption.html

grizwako commented 6 years ago

Hi, please keep in mind that you need user consent to just see customer data.
While the right to be forgotten seems tricky indeed, I think that the case where a user temporarily disallows access is even trickier. Did you guys maybe get some feedback from the official Magento team/upstream?

oviliz commented 6 years ago

I doubt they would do for CE more than this, https://magento.com/blog/magento-news/magento-gdpr-and-you-5-things-know-right-now

clotted commented 6 years ago

Some nice guidance here + extension: http://www.zero1.co.uk/2018/01/24/gdpr-how-to-achieve-compliance-with-magento/

clotted commented 6 years ago

This looks useful too: https://github.com/DivanteLtd/anonymizer/

stevensagaar commented 6 years ago

This page looks promising with FAQ and key suggestion & considerations around Magento stores https://www.scommerce-mage.com/magento-gdpr-compliance.html

Flyingmana commented 6 years ago

For: Right to be forgotten

Regarding order data, we will need to keep it, at least as long as legally required (Germany: 10 years).

https://blogs.opentext.com/general-data-protection-regulation-gdpr-can-customers-use-opentext-sap-timely-deletion/

Non-order-related data is another topic, basically anything else related to a customer account.

Doing this in an extendable way gets interesting, as you can't build a solution which covers all 3rd-party modules automatically. In the end I would say this part can already easily be done by the customer support. Just change all personally identifying data on the customer account and delete the addresses there. So while we can put a lot of work into building a genius solution, it will not be a lot faster than currently.

jaimiedijstra commented 6 years ago

I agree with Flyingmana's comment; there are a lot of reasons to keep sales data for accounting but also returns, insurance, proof that a service/product was provided, or dare I say public liability! I am UK based. I am just getting my head around this GDPR (a month or two in!) but it states we need to give the customer the easy option of deleting the personal data. I am not convinced that "easy option" specifically means providing the facility for the customer to action this at the click of a button in their account area, as this may be too complex: it not only causes issues or checks for third-party extensions but may cause issues for third-party data processors (i.e. Mailchimp integration or cloud accounts solutions, shipping, etc.), all of which may require admin to handle the deletion request (or to make non-essential data anonymous). It would be great to get any feedback from anyone else who is looking into this. From the official EU sources, the deletion needs to be done in a timely manner which is less than one month, not seconds?

tomekjordan commented 6 years ago

Hi. According to the law, you should delete personal data on request, but completed orders and their data should stay in your database for accounting, taxes etc. I don't see any reason for removing it. Privacy law cannot cover other laws like tax laws, so stores should still have access to the data; only the user account should be deleted or anonymized. I see this as deleting the account by admin in Magento: it makes the user account be removed, but all past orders are changed to guest-made (or something), and it's sufficient.

inluxc commented 6 years ago

I agree @tomekjordan, but in Portugal you have to have a certified accounting software; all the orders and tax have to go to that software, as Magento is not a certified accounting software. So we have to anonymize or delete the customer info. I am going to start a GDPR module, with the points I have added on top. Most of them optional, so people can activate and deactivate them as needed. Open-sourced, of course.

stevensagaar commented 6 years ago

@tomekjordan and @jaimiedijstra - you don't need to remove any order data, you just need to anonymise customer data from orders, invoices, shipments and credit memos. The rest of the data can stay in Magento for tax purposes, for example order number, tax, shipping, product information, order total etc. Hope it clarifies!
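
The anonymise-in-place approach described in the comments above, as an added example that is not part of the original thread and is not OpenMage code. The SQLite schema, its table and column names, and the sample rows are constructed for illustration and are not the real Magento tables.

```python
import sqlite3

# Constructed miniature schema: table and column names are assumptions for
# illustration, not the real Magento tables.
SCHEMA = """
CREATE TABLE orders (id INTEGER PRIMARY KEY, increment_id TEXT, customer_id INTEGER,
    customer_is_guest INTEGER, customer_email TEXT, customer_firstname TEXT,
    customer_lastname TEXT, remote_ip TEXT, tax_amount REAL, grand_total REAL);
CREATE TABLE order_addresses (id INTEGER PRIMARY KEY, order_id INTEGER, firstname TEXT,
    lastname TEXT, street TEXT, telephone TEXT, postcode TEXT, country_id TEXT);
"""

def anonymize_customer(conn, customer_id):
    """Blank personal fields on one customer's orders; leave accounting fields alone."""
    with conn:  # single transaction: commit on success, roll back on any error
        order_ids = [r[0] for r in conn.execute(
            "SELECT id FROM orders WHERE customer_id = ?", (customer_id,))]
        for oid in order_ids:
            # Placeholder built from the order id only; .invalid is a reserved TLD.
            conn.execute(
                "UPDATE orders SET customer_id = NULL, customer_is_guest = 1, "
                "customer_email = ?, customer_firstname = 'Anonymized', "
                "customer_lastname = 'Anonymized', remote_ip = NULL WHERE id = ?",
                (f"order-{oid}@anonymized.invalid", oid))
            # Assumption of this sketch: country_id stays because tax depends on it.
            conn.execute(
                "UPDATE order_addresses SET firstname = 'Anonymized', "
                "lastname = 'Anonymized', street = '', telephone = '', postcode = '' "
                "WHERE order_id = ?", (oid,))
    return len(order_ids)

def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    # Constructed sample rows: customer 7 asks for erasure, customer 8 does not.
    conn.execute("INSERT INTO orders VALUES (1, '100000001', 7, 0, 'jane@example.com', "
                 "'Jane', 'Doe', '203.0.113.5', 4.5, 24.5)")
    conn.execute("INSERT INTO orders VALUES (2, '100000002', 8, 0, 'bob@example.com', "
                 "'Bob', 'Roe', '203.0.113.9', 2.0, 12.0)")
    conn.execute("INSERT INTO order_addresses VALUES (1, 1, 'Jane', 'Doe', "
                 "'1 Main St', '555-0100', '1000-001', 'PT')")
    changed = anonymize_customer(conn, 7)
    return conn, changed

if __name__ == "__main__":
    conn, changed = demo()
    print(changed, conn.execute("SELECT * FROM orders").fetchall())
```

In a real store the same pass would also have to cover invoices, shipments, credit memos and any third-party module tables that copy customer fields, which is the part the thread notes cannot be handled automatically.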

sreichel commented 6 years ago

Closing this. Out of scope - at least for now.