Magento – DSGVO (GDPR) – Removing the phone number from the checkout and other data minimization

On 25.05.2018 it begins: the DSGVO (GDPR) “goes live”. The new madness and pure stress for more or less everyone who maintains a presence on the Internet. Of course, there is currently an incredible amount of panic, because panic makes for good money.

Of course, we are also looking at what needs to be changed and where. Unfortunately, there is not much concrete advice to hand out to Magento shop operators, but there is one tip we can and want to give.

One (not really bad) point of the DSGVO is data minimization. That is, collect only data that is really, truly, absolutely necessary for order processing. This in turn means that in most cases the date of birth should be removed from the registration or the checkout area. For a shop with products relevant to youth protection it is probably still allowed. Since this can be adjusted quite simply in the backend, that is not what this post is about.

This post is about the phone number. It is mandatory in standard Magento; Magento does not know an address without a phone number. Thus the customer is forced to provide his phone number, among other places in the checkout, if he wants to order. As the shop owner you now have to ask yourself whether the phone number is REALLY necessary in general to carry out the order. I think: No.

Unfortunately, Magento offers no easy way to remove the phone number from the checkout, nor to make it optional (which would probably not be DSGVO compliant).

So you have to lend a hand yourself and remove the phone number field from the billing and shipping address. Unfortunately, this is not quite trivial, but doable.

Three files must be changed and an adjustment made in the database.

  1. Remove the phone number check from the PHP file: To do this, we copy Abstract.php from the directory app/code/core/Mage/Customer/Model/Address to the directory app/code/local/Mage/Customer/Model/Address.
    We then remove the check of the phone number from this copy (or comment it out):

        if (!Zend_Validate::is($this->getTelephone(), 'NotEmpty')) {
            $this->addError(Mage::helper('customer')->__('Please enter the telephone number.'));
        }
  2. Remove the phone number check from the database: Why the Magento developers put such a check in two places is a mystery to me. Well, it is there now, so it has to go here too. In the database, in the table “eav_attribute”, we look in the column “attribute_code” for “telephone” (this should be on the second page, or usually at ID 31). There, the value of “is_required” is changed from “1” to “0” and saved.
    If that is too tedious, a small PHP script, which I have adapted, can do it as well:

        <?php

        /* Log in to the MySQL database.
           In the next line, replace the parameters with your own DB data.
           These are available in the local.xml in app/etc.
           Delete this file from the server after use: it contains the DB
           credentials and can be called by anyone via the browser. */
        $link = mysqli_connect("localhost", "user", "password", "db-name");

        // Check connection
        if ($link === false) {
            die("ERROR: Not able to connect. " . mysqli_connect_error());
        }

        // Make the telephone attribute optional
        $sql = "UPDATE eav_attribute SET is_required='0' WHERE attribute_code='telephone'";

        if (mysqli_query($link, $sql)) {
            echo "Records were updated successfully.";
        } else {
            echo "ERROR: Was not able to execute $sql. " . mysqli_error($link);
        }

        // Disconnect from the DB
        mysqli_close($link);

        ?>

    Put this code in a file with a .php extension in the Magento root directory on the server. After adapting the database data (see the notes in the file), simply call the file in the browser (e.g. www.shop.de/removephonerequirement.php). It then does what you would otherwise have to do by hand as described above.

  3. Remove the phone number from the billing address: For this, the billing.phtml used by your own template must be adapted. If you use the RWD theme, it is located in app/design/frontend/rwd/default/template/persistent/checkout/onepage

        <div class="field">
            <label for="billing:telephone" class="required"><em>*</em><?php echo $this->__('Telephone') ?></label>
            <div class="input-box">
                <input type="tel" name="billing[telephone]" value="<?php echo $this->escapeHtml($this->getAddress()->getTelephone()) ?>" title="<?php echo $this->__('Telephone') ?>" class="input-text <?php echo $this->helper('customer/address')->getAttributeValidationClass('telephone') ?>" id="billing:telephone" />
            </div>
        </div>

    Simply remove or comment out this part.

  4. Remove the phone number from the shipping address: Here we proceed in the same way and take the shipping.phtml, in our case in the directory app/design/frontend/rwd/default/template/checkout/onepage

        <div class="field">
            <label for="shipping:telephone" class="required"><em>*</em><?php echo $this->__('Telephone') ?></label>
            <div class="input-box">
                <input type="tel" name="shipping[telephone]" value="<?php echo $this->escapeHtml($this->getAddress()->getTelephone()) ?>" title="<?php echo Mage::helper('core')->quoteEscape($this->__('Telephone')) ?>" class="input-text <?php echo $this->helper('customer/address')->getAttributeValidationClass('telephone') ?>" id="shipping:telephone" onchange="shipping.setSameAsBilling(false);" />
            </div>
        </div>

    Simply proceed as before.

  5. While we're at it, we can quickly remove the phone number from the customer address as well. We look for the edit.phtml in the template directory, in our case app/design/frontend/rwd/default/template/customer/address

        <div class="field">
            <label for="telephone" class="required"><em>*</em><?php echo $this->__('Telephone') ?></label>
            <div class="input-box">
                <input type="tel" name="telephone" value="<?php echo $this->escapeHtml($this->getAddress()->getTelephone()) ?>" title="<?php echo Mage::helper('core')->quoteEscape($this->__('Telephone')) ?>" class="input-text  <?php echo $this->helper('customer/address')->getAttributeValidationClass('telephone') ?>" id="telephone" />
            </div>
        </div>

    Here, too, the part relevant to the phone number is removed.
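
The database change from step 2 again, as an added example that is not the original author's script: it runs only from the command line, so nothing happens if the file is requested through the browser, and it reads the credentials from app/etc/local.xml instead of keeping a second copy of them in the web root. It assumes the file is saved in the Magento root, the standard Magento 1 layout of local.xml, and a plain host name (no port or socket) in the connection settings.

```php
<?php
// Added example (not the original author's script): CLI-only variant of the
// update from step 2. Run it from the Magento root with: php <this file>
// Assumption: app/etc/local.xml has the standard Magento 1 layout.

if (PHP_SAPI !== 'cli') {
    // Do nothing when the file is requested through the web server.
    http_response_code(404);
    exit;
}

$config = simplexml_load_file(__DIR__ . '/app/etc/local.xml');
if ($config === false) {
    fwrite(STDERR, "ERROR: cannot read app/etc/local.xml\n");
    exit(1);
}

// Credentials come from Magento's own config, not from this file.
$db     = $config->global->resources->default_setup->connection;
$prefix = (string) $config->global->resources->db->table_prefix;

// A table name cannot be bound as a parameter, so allow only safe characters.
if (!preg_match('/^[A-Za-z0-9_]*$/', $prefix)) {
    fwrite(STDERR, "ERROR: unexpected table prefix\n");
    exit(1);
}

mysqli_report(MYSQLI_REPORT_OFF); // return false on errors instead of throwing
$link = mysqli_connect((string) $db->host, (string) $db->username,
                       (string) $db->password, (string) $db->dbname);
if ($link === false) {
    fwrite(STDERR, "ERROR: not able to connect: " . mysqli_connect_error() . "\n");
    exit(1);
}

$sql = "UPDATE `{$prefix}eav_attribute` SET is_required = 0"
     . " WHERE attribute_code = 'telephone'";
if (!mysqli_query($link, $sql)) {
    fwrite(STDERR, "ERROR: update failed: " . mysqli_error($link) . "\n");
    exit(1);
}

// 0 rows means the attribute was already optional (or the code was not found).
echo "Rows changed: " . mysqli_affected_rows($link) . "\n";
mysqli_close($link);
```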

That should be everything needed to conform to this part of the DSGVO. I hope it helps one or the other.

I look forward to comments and opinions on the DSGVO.

Update from 08.06.2018

As part of the required data minimization, the contact form is also up for scrutiny. “Is it really important to know the name of the person asking in order to answer a question?” With that, the mandatory name field becomes questionable. Some experts therefore recommend making the name field in the contact form optional rather than mandatory. By the way, there is also the general advice that mandatory fields should be clearly labeled as such. To me that is expressed the wrong way round: the system will make sure that these fields are filled in. IMHO it is more important to mark which fields are NOT mandatory, i.e. optional, so that the customer does not inadvertently provide data he would not otherwise have given.

But back to the contact form. Which fields are needed, and which are not? The “Name” field should therefore be optional. Specifying a website, fax number, subject etc. is necessary only in rare cases and should therefore be removed or made optional. What about the contact options, telephone and e-mail? May both be required fields? In most cases probably a clear “NO”. One method of contact is sufficient. So if you make the e-mail field required and the phone optional, it should be fine. Alternatively, the mandatory field could simply be called “E-mail or phone number”, leaving the customer the choice of how he would like to be contacted. Verifying the entered value programmatically is then of course more difficult.
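
One way such a single required “E-mail or phone number” field could be checked on the server, as an added example that is not part of the original post or of Magento. The function name classifyContact() is hypothetical, and the 6 to 15 digit range for phone numbers is an assumption (15 is the E.164 maximum).

```php
<?php
// Added example: server-side check for one required "E-mail or phone number"
// field. classifyContact() is a hypothetical helper, not a Magento API.

/**
 * Returns 'email' or 'phone' for an acceptable value, null otherwise.
 */
function classifyContact($value)
{
    $value = trim((string) $value);
    if ($value === '' || strlen($value) > 254) {
        return null;
    }

    // Reject control characters (line breaks in particular) before the value
    // is used anywhere else, e.g. in the notification mail.
    if (preg_match('/[\x00-\x1F\x7F]/', $value)) {
        return null;
    }

    // Anything containing "@" must be a syntactically valid e-mail address.
    if (strpos($value, '@') !== false) {
        return filter_var($value, FILTER_VALIDATE_EMAIL) !== false ? 'email' : null;
    }

    // Phone: optional leading "+", then digits with common separators.
    if (!preg_match('#^\+?[0-9 ()/.\-]+$#', $value)) {
        return null;
    }
    $digits = preg_replace('/\D/', '', $value);

    // Assumption: 6 to 15 digits.
    return (strlen($digits) >= 6 && strlen($digits) <= 15) ? 'phone' : null;
}

// Constructed sample inputs, not real customer data.
$samples = array(
    'kunde@example.com',           // email
    '+49 30 1234567',              // phone
    '030/123 45 67',               // phone
    'please call me',              // neither
    "kunde@example.com\nline two", // rejected: contains a line break
    '12345',                       // rejected: too few digits
);
foreach ($samples as $sample) {
    printf("%-36s => %s\n", json_encode($sample), var_export(classifyContact($sample), true));
}
```
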
The fact is, however, that Magento marks the name in the contact form as required. So this needs to be changed to make it optional. We need two changes.

  1. First, the form.phtml in use is adjusted (with RWD, for example, in the folder app/design/frontend/rwd/default/template/contacts). There, at about line 41, is

        <input name="name" id="name" title="<?php echo Mage::helper('core')->quoteEscape(Mage::helper('contacts')->__('Name')) ?>" value="<?php echo $this->escapeHtml($this->helper('contacts')->getUserName()) ?>" class="input-text required-entry" type="text" />

    From this line we remove only “required-entry”.
    Furthermore, two lines above it, in

        <label for="name" class="required"><em>*</em><?php echo Mage::helper('contacts')->__('Name') ?></label>

    the part

        class="required"><em>*</em

    is removed, so that only

        <label for="name"><?php echo Mage::helper('contacts')->__('Name') ?></label>

    remains.

  2. Next, we open the file app/code/core/Mage/Contacts/controllers/IndexController.php. This is where it is checked whether the fields are filled in (and, in part, how). At about line 75 is the section responsible for the name.

        if (!Zend_Validate::is(trim($post['name']) , 'NotEmpty')) {
            $error = true;
        }

    This is removed without replacement. Unfortunately, it is not possible here to leave the core file in peace by copying the folder structure and the file into the “code/local” folder and thus creating a copy that overrides the original file. For this purpose, a real rewrite would have to be created, and that ideally requires a small extension.

Now, the name field is no longer required.

One might even get the idea of adding a checkbox that the user must tick to consent to the transmission of the data. Of course there is no clear case law on this. I share the opinion that it is enough to inform about the contact and the use of the data in the privacy information. In my opinion a checkbox is unnecessary. Let's be honest: can you enter data into a contact form, click the “Send” button and then be surprised that your data is transmitted and, in the worst case, someone even replies? Any reasonably sane person should be aware that by clicking he transmits the data he entered. To whom, and what happens to it, he can then read in the privacy information (if he wants to).

To be on the safe side as a site operator, you still put a notice with a link on the contact page. This can be done simply by adding a static block (see HERE) or by adding the text directly to the file. If the site is monolingual, the following is enough, for example:

<p>We use the data entered only to answer your request. More in our <a href="/data protection">Privacy Information</a>.</p>

If you work multilingually, you could use

<p><?php echo $this->__('We use the entered data exclusively to answer your request. See our <a href="/privacy">privacy policy</a>.')?></p>

and then translate this in the translate.csv or the general Mage_Contacts.csv:

"We use the entered data exclusively to answer your request. See our <a href=""/privacy"">privacy policy</a>.","We use the data entered only to answer your request. Another in our <a href=""/data protection"">Privacy Information</a>."

So, once again something contributed to data security… or not?

Used in Magento versions 1.7 – 1.9

Comments? Additions? Notes? Gladly!

Published by Covos

Since 2009 I have been working intensively with Magento. I started with the creation and operation of B2C stores. This was extended through my work in the logistics sector, which resulted in the first specialized B2E systems. Today I work day to day on exciting B2C, B2B and B2E projects, report in this blog about challenges and give insider tips.

One comment on “Magento – DSGVO (GDPR) – Removing the phone number from the checkout and other data minimization”

  1. Thanks for the instructions on how to get rid of the telephone field as a mandatory field. I have implemented it as written above, except that in billing, shipping and edit.phtml I did not remove the part for the phone number completely, but only the part that marks the telephone number as “required”:
    class="required">*<
