GDPR in Themeforest and in templates that we sell

Hi everyone! I am an EU author and as everyone knows on 25th of May 2018 GDPR will take effect on all EU and Non-EU companies. My question is - what Envato as a EU company and all authors should do to be compliant with the new regulation? What Joomla, Wordpress, Drupal, HTML and other template makers are going to do with their demo websites? I will be happy if you share your opinion. Take care and good luck :slight_smile:

1 Like

As an end user I too would like to know the answer to this. It seems any product sold and used in the EU will need to provide facility for GDPR compliance.

From link below:

Whether you’re developing a theme or a plugin for a specific client project or for wider distribution, the regulations will apply if your code includes the facility to collect personal data.

Envato is not an EU company :slight_smile:

Probably mean’t as ‘a company selling into the EU’.

There are a lot of non EU companies taking GDPR serioulsy as it will have an effect on sales - i.e an EU customer will prefer to buy other products offering compliance with their regional law

1 Like

So, does anybody or Envato has a valid statement to this?

Do we have to take care of anything, when we sell on Envato as an EU company or to EU customers?

Do I have to sign a special contract with the buyers? So far, I know I don’t, because the buyers are not my customers, they are Envato ones, and all the personal data are located at Envato servers. But I would like to have official statement about it.
All I do is to linke to my profile’s and product pages in the CodeCanyon store.

Would love if someone can help.

Best regards.

We as authors are not necessary to make products that comply with GDPR, it is your responsibility as the owner of the project were you implement it.

GDPR is all about data collecting, using and managing it. We do not collect any data on our demo websites nor use or manipulate it.

I get that the project a tempate is used for must be the responsibility of the buyers but I wonder what about:

  1. If people register on an author’s support site that is likely to require email etc.?

  2. If authors remotely install plugins etc. remotely and therefore keep a record of sites that installs have taken place on? (IP address is now ‘personal data’ so site URL must be)

That’s 100% valid! :slight_smile:

the question here is the demos… the data you are talking about is collected on our own pages… of course support platforms require GDPR and for example website maling subscriptions.

I don’t have the technical experience of many authors on here but does WP not drop cookies by default?

Do those cookies allow for user recognition or are they just general?

We get regularly retargeted by various themes etc. on here where we have visited the demo - this should require consent under the new rules, and would be an interesting one to watch.

It looks like there is a problem with Google Fonts - there are a lot of discussions about this on the web, are they GDPR ready or not (and in most case they are ok if they are stored locally - inside the theme/template) - that was what I have found.

So, if you are using Google Fonts and or Google Analytics code, probably you need to include the Privacy Police on your demo (that is how it looks for me).

Also, there are contact forms on the demo - one more reason for Privacy Police (of course, you can set contact form in “demo” mode and not to receive the mails).