J-B Posted March 13, 2018 Share Posted March 13, 2018 Hi @all, in Europe will come the new regulation "EU General Data Protection Regulation". For this new regulation I (all EU ppl) must add a Checkbox for consent to processing of his or her personal data in the register.php and contact.php For the register.php I have try it with a hook and checkbox, but dont work My Hook: <?php if (!defined("WHMCS")) die("This file cannot be accessed directly"); function ClientAreaRegisterTherms($vars) { global $_LANG; $errors = array(); if ( $_REQUEST['acceptds'] != true ) { $errors[] = $_LANG['ordererrords']; } return $errors; } add_hook("ClientAreaRegister",1,"ClientAreaRegisterTherms"); ?> I have try it with ClientAreaRegister and ClientAreaPageRegister, both not work. My Template of register.php {if $accepttos} <div class="row"> <div class="col-md-12"> <div class="panel panel-danger tospanel"> <div class="panel-heading"> <h3 class="panel-title"><span class="fa fa-exclamation-triangle tosicon"></span> {$LANG.ordertos} & Datenschutz</h3> </div> <div class="panel-body"> <div class="col-md-12"> <label class="checkbox"> <input type="checkbox" name="accepttos" class="accepttos"> {$LANG.ordertosagreement} <a href="{$tosurl}" target="_blank">{$LANG.ordertos}</a> </label> // NEW CHECKBOX <label class="checkbox"><input type="checkbox" name="acceptds" class="acceptds">{$LANG.orderdsagreement} {$LANG.orderds}</label> </div> </div> </div> </div> {/if} Anyone a idea why this not work? Link to comment Share on other sites More sharing options...
brian! Posted March 13, 2018 Share Posted March 13, 2018 3 hours ago, J-B said: in Europe will come the new regulation "EU General Data Protection Regulation". For this new regulation I (all EU ppl) must add a Checkbox for consent to processing of his or her personal data in the register.php and contact.php for others with regards to GDPR... 3 hours ago, J-B said: For the register.php I have try it with a hook and checkbox, but don't work Anyone a idea why this not work? first thought would be where are you storing the answer? ok, you're asking if they give consent, but where are you storing their response - simply adding a field to the form wouldn't store the result in the database. it's worth noting that WHMCS v7.5 will introduce an email marketing opt-in feature during checkout and registration... whether you could adapt that for your needs, or even duplicate it specifically for your consent checkbox, I don't know... it might be worth posting a question in the v7.5 beta community asking if WHMCS have plans to introduce this consent feature themselves... if so, and you plan to upgrade when it gets it's full release (which I assume will be soon and certainly this month), then it would be pointless to reinvent the wheel if they're already going to do it. if they're not, or you don't plan to upgrade, then i'd suggest using Client Custom Fields for this - that will take their response and store it in the database.... if you want to make the checkbox required, you can do so in the CCF settings and they will effectively be forced to tick it for the order/registration to progress (without the need for a hook or js). and because it's a CCF, the client can edit the checkbox value from their client area if they later change their mind.... your only issue would be with regards to layout - e.g this consent checkbox wouldn't be where you want it to be, it would be with the other custom fields... but the simple fix would be to loop through the $customfields array twice - first in it's current location, but add an {if $customfield.id neq 'x'} (where x is the id of your consent checkbox), and then loop it again wherever you want to show the consent checkbox, but in the loop use {if $customfield.id eq 'x'} to only show that one custom field... you should be able to style it like the marketing opt-in if you wanted to. untried, but this should work fine in both registering and checkout - though as I suggested earlier, might be worth checking with WHMCS what their plans are, if any, for this. Link to comment Share on other sites More sharing options...
J-B Posted March 13, 2018 Author Share Posted March 13, 2018 Why I need the result in the database? For any mailings list, ok but not for a consent. If the customer dont click to the checkbox, the customers cant register or send us a email. The EU want a explicit consent to the use and processing of personal information and this I want to do with a required checkbox. Link to comment Share on other sites More sharing options...
brian! Posted March 13, 2018 Share Posted March 13, 2018 1 hour ago, J-B said: Why I need the result in the database? For any mailings list, ok but not for a consent. and they're not allowed to change their mind later on ? 1 hour ago, J-B said: If the customer don't click to the checkbox, the customers cant register or send us a email. The EU want a explicit consent to the use and processing of personal information and this I want to do with a required checkbox. from the ICO website... Quote Consent should be separate from other terms and conditions and should not generally be a precondition of signing up to a service. If you make consent a precondition of a service, it is unlikely to be the most appropriate lawful basis. You must keep clear records to demonstrate consent. The GDPR gives a specific right to withdraw consent. You need to tell people about their right to withdraw, and offer them easy ways to withdraw consent at any time. need I go on.... Link to comment Share on other sites More sharing options...
J-B Posted March 13, 2018 Author Share Posted March 13, 2018 Hello brian!, I think you have to differentiate between a service and a service provider. I am speaking about the personal data and I can not sell my products if I do not have personal information. If someone dont give me the explicit consent to the use and processing of personal information, why he want to register or send me a email? Anonymous orders will be canceled the same as anonymous e-mails, they will be deleted immediately. Link to comment Share on other sites More sharing options...
brian! Posted March 13, 2018 Share Posted March 13, 2018 fwiw, you probably shouldn't have posted a request in the GDPR thread I linked to... not least because it's not in the v7.5 beta community, so no guarantees any in-house developer will even see it... there's an existing feature request where such requests should be made (linked to in the GDPR thread). I won't go over your specific points of GDPR because I guess your German lawyer has given you different advice from what I received from mine... welcome to EU law. Link to comment Share on other sites More sharing options...
J-B Posted March 13, 2018 Author Share Posted March 13, 2018 28 minutes ago, brian! said: I won't go over your specific points of GDPR because I guess your German lawyer has given you different advice from what I received from mine... welcome to EU law. That's why I didnt want to start a discussion. I think in all the other states in the EU the lawyers will make other suggestions. I want to make my site safe and that is done with the checkbox but I dont know how to create a required checkbox. 34 minutes ago, brian! said: fwiw, you probably shouldn't have posted a request in the GDPR thread I linked to... not least because it's not in the v7.5 beta community, so no guarantees any in-house developer will even see it... there's an existing feature request where such requests should be made (linked to in the GDPR thread). I will try to open a new Thread in the Beta community! Link to comment Share on other sites More sharing options...
brian! Posted March 13, 2018 Share Posted March 13, 2018 6 minutes ago, J-B said: I want to make my site safe and that is done with the checkbox but I dont know how to create a required checkbox. use a custom client field, make it a tickbox, tick show on orderform and required... test it.. and then when you're happy that it works (and it will!), then move it as I suggested. 6 minutes ago, J-B said: I think in all the other states in the EU the lawyers will make other suggestions. which I guess is why WHMCS pointed users towards that feature request because they'll want to know what others around Europe are being told to do... I would imagine GDPR to be a mess until the end of the year... by which time, we'll all have a better idea of what's the "correct" method. Link to comment Share on other sites More sharing options...
J-B Posted March 13, 2018 Author Share Posted March 13, 2018 22 minutes ago, brian! said: use a custom client field, make it a tickbox, tick show on orderform and required... test it.. and then when you're happy that it works (and it will!), then move it as I suggested. I have add a custom field as tickbox. But If I try to add this to the six template to contact.tpl with {$service_custom_field_field1} dont work. Any idea? Link to comment Share on other sites More sharing options...
brian! Posted March 13, 2018 Share Posted March 13, 2018 5 hours ago, J-B said: I have add a custom field as tickbox. But If I try to add this to the six template to contact.tpl with {$service_custom_field_field1} dont work. Any idea? having just rechecked, contact.tpl doesn't use customfields - clientareacontact would, but they'd already be a customer by then, so not relevant to this. if you're not bothered about storing in the database.. then in contact.tpl, just add the following... <div class="form-group"> <label for="inputMessage" class="col-sm-3 control-label">GDPR Consent</label> <div class="col-sm-9"> <input type="checkbox" required name="gdprconsent"> I consent blah blah </div> </div> it's a required field, so they can't submit without ticking it... if they don't, they'll see an error message as above. if you need to customise the error message, perhaps using it in the client's language (or hardcoding to German)... <div class="form-group"> <label for="inputMessage" class="col-sm-3 control-label">GDPR Consent</label> <div class="col-sm-9"> <input type="checkbox" required name="gdprconsent" oninvalid="this.setCustomValidity('{$LANG.ordererrords}')" oninput="setCustomValidity('')"> I consent blah blah </div> </div> off the top of my head, I can see no reason why it wouldn't work in other templates e.g., register or checkout. I probably should have suggested this in the first place rather than worrying about storing consent.... though there's nothing to prove they have consented (because it won't be added to the email), but that's another matter. 1 Link to comment Share on other sites More sharing options...
J-B Posted March 13, 2018 Author Share Posted March 13, 2018 Thanks a lot! Link to comment Share on other sites More sharing options...
easyhosting Posted March 13, 2018 Share Posted March 13, 2018 Quote But by the fact the client has signed up with you and added their details, then this is consent to you holding these details. In the UK every business that stores personal details on a computer or in manual files MUST register with the Information Commissioner under The Data Protection Act which is currently £35 a year. So far they have not released any info on GDPR prices or how it will be be worked out. Link to comment Share on other sites More sharing options...
J-B Posted March 14, 2018 Author Share Posted March 14, 2018 7 hours ago, easyhosting said: But by the fact the client has signed up with you and added their details, then this is consent to you holding these details. This is what you think or what your lawyer have tell you? The lawyers in germany say that the consent must be explicit. Explicit can be only with a seperate checkbox. Link to comment Share on other sites More sharing options...
easyhosting Posted March 14, 2018 Share Posted March 14, 2018 (edited) 4 hours ago, J-B said: This is what you think or what your lawyer have tell you? The lawyers in germany say that the consent must be explicit. Explicit can be only with a seperate checkbox. It is The Information Commissioner who state this and they are the ones who write the Law on this. Everything will most likely change once the GDPR starts. you should read this https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf as the GDPR is an EU directive which includes Germany and in point 7 - CONSENT it states Quote Consent must be freely given, specific, informed and unambiguous. There must be a positive opt-in – consent cannot be inferred from silence, preticked boxes or inactivity. It must also be separate from other terms and conditions, and you will need to have simple ways for people to withdraw consent. so a pre ticked box cannot be used Edited March 14, 2018 by easyhosting Link to comment Share on other sites More sharing options...
J-B Posted March 14, 2018 Author Share Posted March 14, 2018 Are you kidding me? I never said that I want to use a preticked box. I use a checkbox that the user is free to give (click the box or not, isnt preticked) me the consent. How do you want to do that? Bether ideas are welcome! I think I have solved it great. Link to comment Share on other sites More sharing options...
othellotech Posted March 19, 2018 Share Posted March 19, 2018 On 3/13/2018 at 2:00 PM, J-B said: If someone dont give me the explicit consent to the use and processing of personal information, why he want to register or send me a email? You're being misinformed about what GDPR is and how fines/checking by the regulators will work You do not need "consent" to reply to someone contacting you. You do not need permission to ask for the details necessary for providing a service. You do need consent if you are going to use those details _for_anything_else_ (and you must explain what else they will be used for before asking for permission), that consent can be witheld, an it cannot be a condition of supplying the service, and even if granted initially must be able to be revoked by the consent giver at any time in the future Link to comment Share on other sites More sharing options...
J-B Posted March 20, 2018 Author Share Posted March 20, 2018 14 hours ago, othellotech said: You're being misinformed about what GDPR is and how fines/checking by the regulators will work You do not need "consent" to reply to someone contacting you. You do not need permission to ask for the details necessary for providing a service. You do need consent if you are going to use those details _for_anything_else_ (and you must explain what else they will be used for before asking for permission), that consent can be witheld, an it cannot be a condition of supplying the service, and even if granted initially must be able to be revoked by the consent giver at any time in the future Hi @othellotech, my english is not the best, but my german is perfect I take my informationen only from german Sites, now I explain you what is written in german Blogs about the GDPR .... Quote Formulare Die meisten Blogs verwenden zumindest ein Kontaktformular, eventuell kommen so wie hier auf datenschmutz auch weitere Formulare (für Gewinnspiele, Artikelfeedback etc.) zum Einsatz. Werden mittels Formularen Daten erhoben und gespeichert (zum Beispiel durch ein Formular-Plugin, das alle Einträge auch in der Datenbank speichert), so muss der Nutzer dazu explizit seine Einwilligung erteilen. Eine entsprechende Checkbox zur Einholung der Zustimmung des Nutzers (darf standardmäßig nicht angehakt sein) ist die sicherste Art der Umsetzung. Translate this with Google. There is, if personal data stored in the database the explicit consent is needed. And with me it is that if someone writes me something, this is stored in the database (WHMCS Ticket System)! I live in Germany, so I'm teasing what is said in Germany, before I receive a warning. Every country seems to interpret the laws differently. Welcome to the EU Link to comment Share on other sites More sharing options...
easyhosting Posted March 20, 2018 Share Posted March 20, 2018 5 hours ago, J-B said: Hi @othellotech, my english is not the best, but my german is perfect I take my informationen only from german Sites, now I explain you what is written in german Blogs about the GDPR .... Translate this with Google. There is, if personal data stored in the database the explicit consent is needed. And with me it is that if someone writes me something, this is stored in the database (WHMCS Ticket System)! I live in Germany, so I'm teasing what is said in Germany, before I receive a warning. Every country seems to interpret the laws differently. Welcome to the EU you need to ignore what you read in blogs as these could be written by anyone. if you are in Germany then you need to get the correct information from https://www.gesetze-im-internet.de/englisch_bdsg/index.html Link to comment Share on other sites More sharing options...
J-B Posted March 20, 2018 Author Share Posted March 20, 2018 The Federal Data Protection Act (that is the link that you have post) is not the EU General Data Protection Regulation! Link to comment Share on other sites More sharing options...
easyhosting Posted March 20, 2018 Share Posted March 20, 2018 5 minutes ago, J-B said: The Federal Data Protection Act (that is the link that you have post) is not the EU General Data Protection Regulation! but they run the Data Protection regulations in Germany and will be the ones enforcing the new GDPR in Germany, just like here in the UK Data Protection is run by the Information Commissioner's Office who will also be enforcing the new GDPR in the UK Link to comment Share on other sites More sharing options...
brian! Posted March 20, 2018 Share Posted March 20, 2018 On 3/14/2018 at 11:46, J-B said: I use a checkbox that the user is free to give (click the box or not, isnt preticked) me the consent. you may want to post the template code you used to create that box... it might save others asking for it in the future if WHMCS don't add something similar themselves. Link to comment Share on other sites More sharing options...
J-B Posted March 20, 2018 Author Share Posted March 20, 2018 (edited) 7 minutes ago, brian! said: you may want to post the template code you used to create that box... it might save others asking for it in the future if WHMCS don't add something similar themselves. I used your solution for that. Thanks again! clientregister.tpl {if $accepttos} <div class="row"> <div class="col-md-12"> <div class="panel panel-danger tospanel"> <div class="panel-heading"> <h3 class="panel-title"><span class="fa fa-exclamation-triangle tosicon"></span> {$LANG.ordertos}</h3> </div> <div class="panel-body"> <div class="col-md-12"> <label class="checkbox"> <input type="checkbox" name="accepttos" class="accepttos"> {$LANG.ordertosagreement} <a href="{$tosurl}" target="_blank">{$LANG.ordertos}</a> <br /> <input type="checkbox" required name="gdprconsent" oninvalid="this.setCustomValidity('{$LANG.registerds}')" oninput="setCustomValidity('')"> {$LANG.orderdsagreement} </label> </div> </div> </div> </div> </div> {/if} Edited March 20, 2018 by J-B Link to comment Share on other sites More sharing options...
brian! Posted March 20, 2018 Share Posted March 20, 2018 46 minutes ago, J-B said: I used your solution for that. Thanks again! I knew the core solution was mine, but it just saves me time if someone sees your screenshot and asks how to do it... I can link to your post now! 1 Link to comment Share on other sites More sharing options...
Recommended Posts