The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Union intends to strengthen and unify data protection for all individuals within the EU. It becomes enforceable from the 25th of May 2018.
The Right of Access (Article 15 of GDPR) gives citizens the right to obtain access to their personal data and to information about how that personal data is being processed. A Data Controller (you) has to provide, upon request, an overview of the categories of data being processed (Article 15(1)(b)) as well as a copy of the actual data (Article 15(3)).
PERSONAL DATA REPORTS
Our extension provides your customers with an automated process for requesting and retrieving their personal data, in the following steps:
Step 1. The customer visits a GDPR request form and submits a request by providing their email address.
Step 2. If the email address is valid and belongs to an existing customer, a confirmation email is sent.
Step 3. If the confirmation link is clicked, the customer is presented with a confirmation screen and a personal data report is generated for them.
Step 4. The customer receives their personal data report by email.
RIGHT TO BE FORGOTTEN
The extension provides your customers with an automated process to request removal of their personal data. Once account ownership is verified, the extension anonymises some data (the user table) and deletes some data (the user meta table).
- PHP version 5.2.4 or greater (PHP 5.6 or greater is recommended)
- MySQL version 5.0 or greater (MySQL 5.6 or greater is recommended)
Automatic installation is the easiest option as WordPress handles the file transfers itself and you don’t need to leave your web browser. To do an automatic install of GDPR Personal Data Reports, log in to your WordPress dashboard, navigate to the Plugins menu and click Add New.
In the search field type “GDPR Personal Data Reports” and click Search Plugins. Once you’ve found our plugin you can view details about it such as the point release, rating and description. Most importantly of course, you can install it by simply clicking “Install Now”.
The manual installation method involves downloading our plugin and uploading it to your web server via your favourite FTP application. The WordPress Codex contains instructions on how to do this.
Automatic updates will prompt you to update the plugin from time to time.
Setting Up / Configuration
Once the plugin is installed and activated please visit Settings -> GDPR Settings and configure all fields according to your needs.
To include any of the user and product metadata in the report you need to set them to ‘Yes’ and add corresponding label text in the ‘GDPR User Fields’ and ‘GDPR Post Fields’ tabs.
If you want to allow users/customers to delete their accounts automatically, please set the ‘Right to be Forgotten’ setting to ‘Yes’.
More details about the configuration fields:
‘Other locations/services where you store personal data’ – other systems or services that reuse personal data from your WordPress installation, for example Mailchimp. The content of this field is attached to the personal data report sent to the customer.
‘Physical locations of servers where you host your website and other data’ – the physical locations of the servers where your installation is hosted. The content of this field is attached to the personal data report sent to the customer.
‘Max Requests per Day’ – the maximum number of requests a customer is allowed to submit per day. We recommend setting this to a low value, no more than 5.
‘Max Confirmation Attempts’ – the maximum number of confirmation attempts allowed per request. We recommend setting this to 3; it cannot be set to more than 10 attempts.
‘GDPR Email Header’ – this text is added in the header of the personal data report email. You can include basic HTML here.
‘GDPR Email Footer’ – this text is added in the footer of the personal data report email. You can include basic HTML here.
‘Limit of Requests Displayed in the Log’ – the maximum number of requests displayed in the ‘GDPR Request Log’ tab.
‘Give customers “Right to be Forgotten”’ – if you want to allow your customers to delete their accounts this needs to be set to ‘Yes’. Setting this to ‘No’ disables the form even if you have a page with the shortcode active.
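To make the request flow described in Steps 1 to 4 and the two abuse limits (‘Max Requests per Day’ and ‘Max Confirmation Attempts’) concrete, here is an added example that is not the plugin's own code. It models the flow with an in-memory array standing in for the plugin's request log; the link format, the one-hour link lifetime, the sample customer table and the function names are all assumptions made for the example, and it needs PHP 7.0 or later for random_bytes().

```php
<?php
// Added example (not the plugin's own code): request -> confirmation -> report,
// with the daily request cap and the per-request confirmation-attempt cap enforced.
declare(strict_types=1);

const MAX_REQUESTS_PER_DAY = 5;    // recommended ceiling from the settings above
const MAX_CONFIRM_ATTEMPTS = 3;    // recommended value from the settings above
const CONFIRM_TTL_SECONDS  = 3600; // assumption: confirmation links expire after an hour

$requests  = []; // stands in for the plugin's request log
$customers = ['firstname.lastname@example.org' => 42]; // constructed: email => user id

function countRequestsToday(array $requests, string $email, int $now): int {
    $n = 0;
    foreach ($requests as $r) {
        if ($r['email'] === $email && $now - $r['created'] < 86400) {
            $n++;
        }
    }
    return $n;
}

/**
 * Steps 1 and 2: accept a request. The same neutral message is returned whether or
 * not the address belongs to a customer, so the form cannot be used to check which
 * addresses are registered; the email is only sent when the cap is not exceeded.
 */
function submitRequest(array &$requests, array $customers, string $email, int $now): array {
    $email  = strtolower(trim($email));
    $result = ['message' => 'If this address is registered, a confirmation email has been sent.', 'mail' => null];
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false || !isset($customers[$email])) {
        return $result;
    }
    if (countRequestsToday($requests, $email, $now) >= MAX_REQUESTS_PER_DAY) {
        return $result; // throttled; worth logging server-side
    }
    // Unguessable token from the CSPRNG. Only its hash is stored, so a copied
    // request log does not let anyone confirm on the customer's behalf.
    $token = bin2hex(random_bytes(32));
    $id    = bin2hex(random_bytes(8));
    $requests[$id] = [
        'email'      => $email,
        'token_hash' => hash('sha256', $token),
        'created'    => $now,
        'attempts'   => 0,
        'confirmed'  => false,
    ];
    $result['mail'] = ['to' => $email, 'link' => "https://example.com/gdpr-confirm?id=$id&token=$token"];
    return $result;
}

/** Step 3: the confirmation link is clicked. Returns the report data, or null. */
function confirmRequest(array &$requests, string $id, string $token, int $now): ?array {
    if (!isset($requests[$id])) {
        return null;
    }
    $r = &$requests[$id];
    if ($r['confirmed'] || $r['attempts'] >= MAX_CONFIRM_ATTEMPTS
        || $now - $r['created'] > CONFIRM_TTL_SECONDS) {
        return null; // used, exhausted or expired
    }
    $r['attempts']++;
    // Constant-time comparison so response timing does not leak matching bytes.
    if (!hash_equals($r['token_hash'], hash('sha256', $token))) {
        return null;
    }
    $r['confirmed'] = true;
    return ['email' => $r['email'], 'generated_at' => $now]; // Step 4 would email this
}

// Usage with the constructed customer above.
$now = time();
$out = submitRequest($requests, $customers, 'firstname.lastname@example.org', $now);
parse_str((string) parse_url($out['mail']['link'], PHP_URL_QUERY), $q);
var_dump(confirmRequest($requests, $q['id'], 'wrong-token', $now) === null); // bool(true)
var_dump(confirmRequest($requests, $q['id'], $q['token'], $now) !== null);   // bool(true)
var_dump(confirmRequest($requests, $q['id'], $q['token'], $now) === null);   // bool(true): single use
```

The point of the two caps is defensive: the daily cap keeps the form from being used to flood a customer's inbox, and the attempt cap, together with a token long enough to be unguessable, makes brute-forcing a confirmation link impractical even before the link expires.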
Once you have completed the configuration, follow the steps below:
Insert the form shortcodes on the relevant pages:
- GDPR Data Report: [gdpr-request-form]
- Right to be Forgotten: [gdpr-forget-me-request-form]
Both shortcodes accept 3 parameters that allow you to add custom classes for headers, paragraphs and submit buttons.
An example shortcode with custom classes added looks like this:
[gdpr-forget-me-request-form text_classes="class1 class2" header_classes="class3" button_classes="class4"]
- How is personal data deleted?
All user meta data is deleted. User data in the user table is anonymised, which means the record remains in the database and can still be linked with other data by id, but no personal data can be retrieved from it anymore.
Sample data before anonymisation:
user_login: joe_admin; user_nicename: joe; user_email: firstname.lastname@example.org
Sample data after anonymisation:
user_login: XJbmJ0tu8; user_nicename: 8ty; user_email: Ti4g51CbuL5ttsD3
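The following is an added example, not the plugin's own code, showing one way to carry out the anonymise-and-delete step just described on a wp_users-style row and its meta rows. The field list, the replacement lengths (9 characters for login and nicename, 16 for the email, matching the sample above), the locked password and the sample rows are assumptions made for the example; it needs PHP 7.0 or later for random_int() and random_bytes().

```php
<?php
// Added example (not the plugin's own code): anonymise a user row in place so it
// keeps its ID (other tables can still join on it) but holds no personal data,
// and drop every meta row for that user.
declare(strict_types=1);

const ALPHABET = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';

/** Random string from the CSPRNG; rand(), mt_rand() or uniqid() would be predictable. */
function randomToken(int $length): string {
    $out = '';
    $max = strlen(ALPHABET) - 1;
    for ($i = 0; $i < $length; $i++) {
        $out .= substr(ALPHABET, random_int(0, $max), 1);
    }
    return $out;
}

// Assumption: the wp_users columns that can identify a person.
const PERSONAL_FIELDS = ['user_login', 'user_nicename', 'user_email', 'user_url', 'display_name'];

function anonymiseUser(array $user): array {
    $anon = $user;
    foreach (PERSONAL_FIELDS as $field) {
        if (!array_key_exists($field, $anon)) {
            continue;
        }
        // 16 characters for the email keeps it unique under wp_users' unique index;
        // 9 for the rest, as in the sample above.
        $anon[$field] = randomToken($field === 'user_email' ? 16 : 9);
    }
    // Lock the account: a hash of a random secret nobody holds, and no
    // activation key left behind that could reset it.
    $anon['user_pass']           = password_hash(bin2hex(random_bytes(32)), PASSWORD_DEFAULT);
    $anon['user_activation_key'] = '';
    return $anon;
}

/** Returns the meta rows that remain after deleting every row of the given user. */
function deleteUserMeta(array $usermeta, int $userId): array {
    return array_values(array_filter($usermeta, function (array $m) use ($userId): bool {
        return $m['user_id'] !== $userId;
    }));
}

// Constructed sample rows, matching the "before" sample above.
$user = [
    'ID' => 7, 'user_login' => 'joe_admin', 'user_nicename' => 'joe',
    'user_email' => 'firstname.lastname@example.org', 'display_name' => 'Joe',
];
$usermeta = [
    ['user_id' => 7, 'meta_key' => 'billing_phone', 'meta_value' => '+1 555 0100'],
    ['user_id' => 8, 'meta_key' => 'nickname',      'meta_value' => 'ann'],
];

$anon = anonymiseUser($user);
$meta = deleteUserMeta($usermeta, 7);

// Checks: the id survives, no original personal value survives, only the other
// user's meta remains.
if ($anon['ID'] !== 7
    || in_array('joe_admin', $anon, true) || in_array('joe', $anon, true)
    || in_array('firstname.lastname@example.org', $anon, true)
    || count($meta) !== 1 || $meta[0]['user_id'] !== 8) {
    throw new RuntimeException('anonymisation check failed');
}
print_r($anon);
```

Two things a practitioner would verify before relying on such a routine: that the replacement values come from the CSPRNG rather than a seeded generator (otherwise the original could in principle be linked back to its replacement), and that personal data held elsewhere, such as order addresses in other tables or the external services listed in the ‘Other locations/services’ setting, is handled separately, since this step only touches the user and user meta tables.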
- Can the plugin be translated to my language?
Yes, a base .pot file is included so it can be translated to your language.
Contributors & Developers
“GDPR Personal Data Reports” is open source software. The following people have contributed to this plugin.
1.0.0 Initial release.
1.0.1 Added plugin prefix to all plugin CSS classes.
1.0.2 Added CSS wrapper class to the forms code.
1.0.3 Add German language files.
1.0.4 Fix issues with the forget me form.
1.0.5 Update how request record is created.