Portal | Homepage | Blog

How GDPR will affect us - practical terms


There are new regulations coming in to force from May 2018 with regards user data.

Source: Wikipedia
Source: ICO

Has anyone (especially Nitrosell) put thought as how to apply this on a practical level to their data, and what changes need to be made to the Nitrosell site and the way you store their data?


Hi Chris,

We have general processes in place for handling of personal data. In terms of who is the data controller, because we are POS-integrated, NitroSell is legally a data processor and the retailer is the data controller.

Should you need to delete a person’s data under “right to forget”, you can delete their record from the POS, and can request that we erase order history and any web records through a ticket. As a policy, we only retain data at a retailer’s request, and data is only retained as long as you are a NitroSell customer.

In terms of breach protection, we have extensive security measures in place in order to meet and maintain PCI-DSS Level 1 compliance. We have a comprehensive compliance process, and many industry standard security measures in place, and all of these are checked annually with an on-site audit, annual penetration testing, weekly internal and external security scans, and managed intrusion detection systems. Our compliance provider is Trustwave, the leader in the space.

Finally, with regards to “opt in” for personal data collection, we do not yet have a standardised message to be displayed at registration or checkout, and a checkbox for same. Once we have come up with a standardised message that meets the standard, we would be happy to add this as a config option that can be enabled. If you would like us to add one in the meantime, please open a ticket, and it can be done easily.

If you have any other queries or concerns, please let me know.



Thanks @donogh - does this mean Recently-Viewed can selectively be disabled for specific customers who do not want to be tracked?


Hey Todd! No, use of the site will still be conditional on consent to cookies; they won’t be able to opt out of specific features. (Guest checkout, which already exists, will stop the store from creating a customer account, and mailing lists will be explicit opt-in, as opposed to implicit / opt out by default.)


Thorough as ever…thank you Donogh!