GDPR for osCommerce – my take on it, part 1

By | June 1, 2018

I’m not going to explain what GDPR is, I am 110% certain that everyone reading this has been inundated with those emails and done their own reading…instead, over the next few posts, I am going to show you my take on GDPR;

1. Turn off unwanted Customer Details
admin > configuration > customer details

2. Ensure the newsletter box is UNticked.
It is unticked as standard in osCommerce, but you might have changed it.

3. Install New Action Recorders
Install a “created account” and a “made an order” Action Recorders
These help to record Customer Consent.

4. Install “create account” MATC
Install some flavour of You Must Consent. I did it with a HOOK, no core changes. The potential customer must tick the box to consent to understanding privacy and terms documents (both of these popup when the blue buttons are clicked. This MATC interacts with the “created account” Action Recorder


Step 5. Install “order” MATC
Install a MATC on checkout_confirmation. Again I did this with a Hook, no core changes. The customer must tick the box to say that he understands that you may pass some details over to external companies. This MATC interacts with the “made an order” Action Recorder and again the blue buttons popup the privacy/terms documents.


So far so good. This new customer has made an order.

What Consent Data does the Store Owner have?

1. You have the Action Recorders
admin > tools > action recorders

2. You have more data stored in the DB
Access it if you need to using phpmyadmin, this is an exact copy of the Privacy and Terms to which they consented, as well as the exact consent date.


Very nice little system for recording Customer Consent.

Leave a Reply

Your email address will not be published.