GDPR

yes, that is the problem
but its only about personal data (i.e not weather data)
but even storing a person’s name is personal data
there is no personal information about a user of WD stored though
ie. you do not enter your name/address, age or anything anywhere

You store the longitude and latitude which gives their location.

oh, true that
so I will need to encrypt that?
?

that sort of information though is only stored on the actual customers PC
is this more about where you store customers personal data on say a companies data base, or in the cloud, etc ?

Guess you are correct on that.

You do store their Name and email address when they purchase WD?

I do get an email from Paypal that has the user name and address
but from what I understand, since they are gathering that info initially, Paypal are the ones who have to make sure they have that customer personal information secure
its not up to me to make sure that they are adhering to the rules…from what I understand
?

https://www.paypal.com/stories/uk/getting-gdpr-ready

Do you keep that email or delete it? I would think if you keep it, it could apply to you.

I can easily delete it
( i have it in a folder)
its of no use to me anyway
more information here
https://www.fsb.org.uk/resources/are-you-gdpr-ready

its more about sensitive personal data other than more publicy available public data (name and address)

just for good measure I have now deleted the emails of orders
and will do so each time I get one from now on, just to be safe

more of a worry is I have read where a Lawyer can contest your Business practices around this
and serve you, and you need to then pay their fees

Maybe I need to put a statement on the purchase page that no personal information is stored?

confusion reigns.

My employer sees clients in the US from around the world. When that happens, they are on our soil and the GDPR does not apply (according to a very expensive 39 page report from some outside counsel.)

However if we opened an office ON THEIR TURF, things would change dramatically.

Questions become fuzzy when we answer emails from them while they are in their home area (right now the opinion is that email isn’t quite the same as having a location there).

Also our laws and some state laws require ‘forever’ data points to be maintained when we provide service, here at least. So when the EU person wants to be forgotten, I’m pretty sure it ain’t gonna happen, folks. Maybe the stuff generated if we ever open an office over seas, but only to the stuff pertaining to data generated there, and not here.

Otherwise, it is a big mess. Parts are in contradiction to one another from what our, did I say expensive?, attorneys have advised.

For many, it won’t be worth the threat of being fined 4% of your GROSS sales, not net, and not from that particular transaction. So if you sell a widget and get $10 from the sale, it isn’t 4% of that, it is 4% of anything you sold, so if you sold a few hundred ships to some Dutch company, it is 4% of everything. Clearly this is punitive beyond common sense, and one must speculate as to how in the world they even dreamed anything like this up.

Google, Microsoft, Apple and others are huge cherries to be picked by them finding an infraction and milking it for all they are worth.

I’m not even a cheap attorney, but from what we’ve been told, you can do all the business you want remotely and answer emails and all, but just don’t open a business in their countries.

I’m sure there will be those who reconsider opening a branch in an EU country.

I have been told its 4%of your customers gross sales?

You can now see why in many ways this is the worst piece of legislation that has been drafted. I very much doubt that anyone who does not actually have an office within the EU jurisdiction will be successfully caught and prosecuted. As Dale has pointed out much of this bill conflicts with US law and we all know whose law will take precedence the US law of course. Obviously people like Google, Paypal etc who actually have offices in the EU need to comply but I honestly believe Brian has no need to worry. I am not a lawyer just my opinion.

Stuart

In the USA, at least, there is a popular marketing endorsement called non-GMO, for identifying items that are produced from non-genetically modified plants or animals.

Perhaps we can come up with a fancy symbol and have it be " Non-GDPR" as a sign to the EU’s trolling lawyers that no personal data are stored? Any graphic designers out there to draw up something catchy and slick?

Brian, yes it is 4% of any gross sales, and I assume it is for the year the ‘infraction’ as they view it, is found to have been done.

If your product is say $100 each, but you sold $2,500,000 of them last year, they want 4% of that, not the net profit of $1000 that you made after production costs.

As far as I can see, there are no exceptions. I’m puzzled by how insurance companies, medical businesses, and even car companies with warranties for example with a 5 year bumper to bumper coverage can show how long the owner had the vehicle, if they were told by the buyer to ‘forget me’ and then come in for service.

Or banks, to identify their customers with stored passwords, etc.

The great danger, I think, is to the consumer if they decide to be forgotten, ever regaining their legal status. Are passports protected or exempt somehow? How about criminal records? “This is the tenth arrest for driving while intoxicated for this arrest…No, wait, he was ‘forgotten’ so well, I guess this is his first offense.”

You can see the poorly thought out and not well defined scope of this thing.

for me, I only kept the customers purchase emails for when someone wanted to re register WD
now it is up to the customer to prove that (i.e they need to keep that email, etc)

I can see that is the sort of change some businesses will make ,yes?

Brian, the shifting of the responsibility to the consumer does eliminate the risk of some attorney from the EU knocking on your door, but it certainly does upset the apple cart of how things have been done in the past. I, like others, have had computer crashes, and with it most of the emails that I’ve ‘saved’ but never in years past had the need to back up to another form of storage.

All vendors are going to be doing what they need to try to avoid any oppressive action by the EU, but going forward is one thing, having erased all the past history when those of us who have, in essence, depended upon the various vendors having a record that our products are still eligible for upgrade or re-activation by folks like you who offer a once purchase and good forever, ara now in a pinch, not having a record of having bought something.

All this goes to prove that the baby can be thrown out with the bathwater when dealing with this issue. And just how poorly thought out the after effects of this law will be.

I’m thinking it willl implode once a major business gets a complaint and takes this unworkable law to their courts. One reason to not open a branch office anywhere near the EU.

Dale

paypal though does keep that info and so I can search for the order via email address or name on the paypal web site when I log in
its then puts the burden on paypal to make sure they are secure in with peoples personal information
(its all designed to lesson chances of data breaches…i.e make businesses take security of peoples personal information more seriously…there has been data breaches from companies in the past (i.e they are hacked etc)

I was just reading about paypal and gdpr. I note that PayPal’s Chief Operating officer’s name is Bill Ready :lol:

Hi Brian
in 2003 you were using worldpay when I purchased my first copy so where do you stand with worldpay info
Harold