GDPR oversight!!!
Autor: Sinisa B.
Visitado 1123,
Followers 2,
Compartido 0
@ INCOMEDIA - you should fix this fast - it's a serious GDPR rule infringement!
IN THE FORM > Agreement conditions > should send THE ACTUAL TEXT of the agreement conditions to the CLIENT - who must be able to see/read what she/he has agreed upon!
***
The way that is set know > The FORM just sends the LABEL FIELD name and the word "YES"....NO ACTUAL AGREEMENT TEXT has been sent!!!
In the sent e-mail - there should be the agreement/contract text and the client conformation beside it.
That's the GDPR rule!
Publicado en
Hi Sinisa,
A workaround, because ....
Add a mandatory field
Enjoy !
Axel
Autor
@ Axel
Thank you - but I need this in a regular website (no eCommerce).
This should be set in a regular FORM object.
Cheers!
Autor
@ Elisa or Stefano
This issue is a serious violation of the GDPR regulations!
Unfortunately, I know that for a fact because I'm the "GDPR officer" in my company.
Please comment on this - thank you!
Hello Sinisa
If I understand correctly, after the user completed the form, he should receive a copy of the privacy text in his email.
Do you believe that a link to it would suffice? I find it hard to believe that a company should send the entire text together with the email. If the text is several pages long, that would make the email absurdly large. If you can simply place a link to your online documentation in the email, why not do so?
Could this work for you?
Keep me posted here on this
Thank you
Stefano
Autor
@ Stefano
By the (stupid) GDPR laws - the company who collects the permission for something (i.e. to use a user name and email for a survey) has to have a proof that the user has agreed to the exact terms.
Thus, those terms has to be the integral part of the FORM data - which will be collected as a CSV document or as a regular e-mail message.
This should be the complete "agreement text" - no matter how long the text it is!
(the text is only a few KB - so this is no problem)
If we offer just a link to i.e. our privacy statement - the user could (in the case of legal dispute) claim that, in the meantime, we have changed the part of the text OR that she/he was not able to open the page were the original text was...
I had this kind of dispute when I have been selling my own software... so I'm very careful about that...
Stefano, hopefully you'll get what I meant to say...
Hello Sinisa
Another proposal. Why not insert it here?
This way, the GDPR text would always remain in the emails that are sent to the customers
Keep me posted on this
Thank you
Stefano
Autor
@ Stefano
Why is it a problem to set this how it supposed to be?
Stefano, please do not think I'm ungrateful for giving me "a patch" for this issue - but it's not - and it could not be - the final solution!
For example- if a website has two (2) or more forms - with some kind of rules to check - setting up just one type of text in the E-mail layout box will not work in both cases...
I was a Dreamweaver "coder" (never a professional one) - and edited my share of HTML's and PHP forms. This "form-field" content should be sent with the rest of the form-fields (name, e-mail, telephone etc.).
End of story - problem solved!
It just needs to add that message-box (GDPR rules) to be sent as well. It's not really a work for your IT guys.
It doesn't matter how long the text is - the memory consumption is minimum because this is a pure code-text without any formatting (measured in KB not MB).
Stefano, I just think that your IT guys have overlooked this while building app (mainly while setting up a PHP mailer script). I repeating myself - this could be fixed in 5 mins (with the recompiling time included).
If you think this will be solved much faster - please set this post as an IDEA (it is not - it's, well, a bug - because it is out of the GDPR regulations)... and WSX5 claims to be a GDPR regulated software.
Grazie!
Hello Sinisa
I would not consider this a bug since the possibility of having this text sent in the order email is definitely there. I understand that it might be done in a different way, but it is definitely already possible without needing to change something in the software.
You have a valid point before. However, you're able to add the GDPR text in whatever email you wish specifically.
For emails regarding Ecommerce you could add those in Step 1 -> Ecommerce cart:
For a specific Email Form:
I think this should be ok to achieve what you need. Let me know if there's anything that comes to your mind for which this might not be alright
Thank you
Stefano
Autor
@ Stefano
Thank you for your effort!
Yes, there is a way of workaround for many things in the software but these are all "workarounds" not the right solution.
In my case - I can not sent any confirmation mail to the user - because I'm using the form for collecting data where there is no personal e-mail to be send upon submission (as a form of confirmation).
I just need to have - in the CSV file that the form-handler sends - the complete text from the box Agreement condition - that's all!
Stefano, you are a coder, right?
Then you should know that by the time you and I writing this posts left and right - this could be already fixed.
Hello Sinisa
Let me understand what part of the software exactly you're using. You're not sending a confirmation to your user, correct?
Then, are you saving this data on a Database or via email?
I assume you're receiving it via Email since the CSV option is only here. Or perhaps you're generating a CSV file from the Database?
In any case, the text cannot currently be inserted into the CSV since this data is not being filled in directly by the user and only that type of data is currently set.
I don't really see how this conflicts with GDPR though. I need to understand this better.
If the issue is that the user must be able to confirm that he agreed to something, not sending him a confirmation email already violates this. If you're the only recipient of the email you could change the data in the CSV whenever you wanted. That doesn't seem to count as a valid enough proof
For the moment, the software allows you to send the complete text to the user after filling out the form and I believe this is what the GDPR requires.
If you have any further official information on the situation you describe precisely, please let me know here so that I might help you out further
Thank you
Stefano