Description
With the upcoming General Data Protection Regulation (GDPR), websites are required to protect the personal data of their users.
This plugin offers the following:
- Pseudonymization of user private data (including WooCommerce if installed)
- Newsletter consent trail
- Download all user data
- Forgetting user personal data
This plugin is considered to be in BETA stage due to lack of testing. Please BACKUP your site before use.
Please read the Installation section and report your plugin issues to [email protected].
To hire our agency to help you with site rebranding/development or other GDPR requirements please contact us through our site https://www.divertdigital.com or email [email protected] directly.
Pseudonymization
Pseudonymization is the process of encrypting sensitive data with an encryption algorithm to prevent access to that information by unauthorised users. We use ChaCha20-Poly1305 to encrypt data, which allows better compatibility with older WordPress sites. Unfortunately, AES requires PHP 7.1, which is not available at many hosts.
After the encrypt option is checked in settings, a key is generated for each user in wp-content/enc_keys. This is explained in more detail in the FAQ section. All personal data for the user and WooCommerce is encrypted and decrypted automatically, so no visible change should be noticeable.
Article 25 EU GDPR “Data protection by design and by default”
Article 32 EU GDPR “Security of processing”
Newsletter consent trail
A consent trail is required to demonstrate that the user has consented to the processing of personal data. This part of the plugin allows easy consent trail generation as PDF files in wp-content/newsletter_consents by triggering predefined actions. The plugin handles both the case where a subscription is pending (the user needs to confirm their email) and the case where the subscription is confirmed. See the Newsletter Consent Installation section for configuration.
Article 7 EU GDPR “Conditions for consent”
Download all personal data
This is required functionality that gives the user access to all of his personal data. Once enabled, it appears as a button in the profile area.
Article 15 EU GDPR “Right of access by the data subject”
Article 20 EU GDPR “Right to data portability”
Forgetting user personal data
Users need the ability to remove all personally identifiable data from the website. All personal data is set to N\A (Not Available). Users can access this functionality through the button in the profile area, while admins have the option as a bulk action. This GDPR requirement has very big implications, as the data has to be removed even from the backups! More info in the FAQ section.
Article 17 EU GDPR “Right to erasure (‘right to be forgotten’)”
User data downloading
By default the plugin downloads WordPress data and WooCommerce private data. You can add additional data to the JSON array by hooking into an action.
function yourFunctionName(&$data){
    // Gather your data for current user
    $userData = array(
        'some_sample_data' => 'This is probably retrieved from database',
        'some_other_data' => 'Some other data you offer in download.',
        'notice_for_devs' => 'Please be sure to get all user data in your system'
    );
    // Add it to the download under your own key
    $data['custom_user_data'] = $userData;
}
add_action('dd_gdpr_userdata_additional', 'yourFunctionName');
Newsletter Consent Installation
To enable newsletter consent PDF creation, modify the code in your plugin or theme functions.php to include calls to the following actions:
do_action('dd_gdpr_newsletter_subscribe_pending', $email_address, (new \DateTime())->format('Y-m-d H:i:s'), $ip);
do_action('dd_gdpr_newsletter_subscribe_confirmed', $email, $firedAt, $ip);
Our example below integrates MailChimp for WordPress and uses a MailChimp webhook to confirm registration:
// The functions below are methods of your own plugin or theme class (hence $this).
function init(){
    add_action('mc4wp_form_subscribed', [$this, 'newsletter_subscribed'], 10, 4);
    add_action('parse_request', [$this, 'parse_mailchimp_webhook']);
}
function newsletter_subscribed($form, $email_address, $data, $map) {
    // Create PDF for consent proving
    $status = $map[array_keys($map)[0]]->status;
    $ip = $map[array_keys($map)[0]]->ip_signup;
    if ($status === 'pending') {
        do_action('dd_gdpr_newsletter_subscribe_pending', $email_address, (new \DateTime())->format('Y-m-d H:i:s'), $ip);
    } else if ($status === 'subscribed') {
        do_action('dd_gdpr_newsletter_subscribe_confirmed', $email_address, (new \DateTime())->format('Y-m-d H:i:s'), $ip);
    }
}
function parse_mailchimp_webhook() {
    // Only handle requests sent to the webhook URL
    if($_SERVER['REQUEST_URI'] != '/mailchimp_webhook') {
        return;
    }
    // Only 'subscribe' events confirm a subscription; a missing type is ignored
    $type = isset($_POST['type']) ? $_POST['type'] : '';
    if ($type != 'subscribe') {
        return;
    }
    $firedAt = $_POST['fired_at'];
    $email = $_POST['data']['email'];
    $ip = $_POST['data']['ip_signup'];
    do_action('dd_gdpr_newsletter_subscribe_confirmed', $email, $firedAt, $ip);
    exit();
}
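The handler above writes a confirmed-consent record for any POST that reaches /mailchimp_webhook, so the consent trail is only as trustworthy as that endpoint. The following stricter variant is an added example, not part of the plugin or its documentation. It assumes the webhook URL registered at MailChimp ends in ?key=<secret>; DD_GDPR_WEBHOOK_SECRET, the key parameter and the function name are hypothetical names you define yourself.

```php
<?php
// Added example: stricter variant of parse_mailchimp_webhook() (not the plugin's code).
// Hypothetical names: DD_GDPR_WEBHOOK_SECRET (define it in wp-config.php) and the
// "key" query parameter appended to the webhook URL registered at MailChimp.
function parse_mailchimp_webhook_checked() {
    // Compare the path only, so the query string does not break the match.
    $uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    if (parse_url($uri, PHP_URL_PATH) !== '/mailchimp_webhook') {
        return;
    }
    // Shared secret, compared in constant time; without it nothing is recorded.
    $given = (isset($_GET['key']) && is_string($_GET['key'])) ? wp_unslash($_GET['key']) : '';
    if (!defined('DD_GDPR_WEBHOOK_SECRET') || !hash_equals(DD_GDPR_WEBHOOK_SECRET, $given)) {
        status_header(403);
        exit();
    }
    $post = wp_unslash($_POST);
    $data = (isset($post['data']) && is_array($post['data'])) ? $post['data'] : array();
    // Return a field only if it is present and a plain string (not a nested array).
    $str = function ($arr, $k) {
        return (isset($arr[$k]) && is_string($arr[$k])) ? $arr[$k] : '';
    };
    if ($_SERVER['REQUEST_METHOD'] !== 'POST' || $str($post, 'type') !== 'subscribe') {
        exit(); // authenticated request, but no consent event to record
    }
    // Validate every field that ends up in the consent PDF.
    $email = sanitize_email($str($data, 'email'));
    $ip    = filter_var($str($data, 'ip_signup'), FILTER_VALIDATE_IP);
    // Assumption: fired_at arrives as "Y-m-d H:i:s", the format used elsewhere on this page.
    $firedAt = \DateTime::createFromFormat('Y-m-d H:i:s', $str($post, 'fired_at'));
    if (!is_email($email) || $ip === false || $firedAt === false) {
        status_header(400);
        exit();
    }
    do_action('dd_gdpr_newsletter_subscribe_confirmed', $email, $firedAt->format('Y-m-d H:i:s'), $ip);
    exit();
}
add_action('parse_request', 'parse_mailchimp_webhook_checked');
```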
Installation
- Upload the plugin files to the /wp-content/plugins/ directory, or install the plugin through the WordPress plugins screen directly.
- Activate the plugin through the ‘Plugins’ screen in WordPress
- Use the Settings->GDPR screen to configure the plugin
- Modify permissions for /wp-content/newsletter_consents and /wp-content/enc_keys to be writable by the web server user
FAQ
- Why store encryption key as file?
GDPR Article 17 requires that all data be removed, even from backups. If the key is stored in the database, SQL file backups contain it and private information is accessible just by restoring that data. When the encryption key is stored as a file, personal data in the SQL file backups is not readable without it. When a user is removed or their data is forgotten, removing the key file makes the data in backups void (it cannot be read because we no longer have the key). Our recommendation is to configure the backup system to exclude the keys from regular backups and to synchronize the keys to the backup server with rsync, with the option to mirror delete actions in the keys folder. This also improves security by requiring a potential attacker to have access to both the database and the filesystem.
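The effect described in this answer, together with the per-user key files from the Pseudonymization section, is shown in the sketch below. It is an added example, not the plugin's code. It assumes PHP's sodium extension (PHP 7.2+, or a polyfill providing the same functions); the demo_* names, key file naming and temporary directory are hypothetical.

```php
<?php
// Added example (not the plugin's code): per-user key files, and forgetting by key deletion.
// Assumptions: ext-sodium is available; the key directory is not served over HTTP.
function demo_key_path($dir, $userId) {
    return $dir . '/user_' . (int) $userId . '.key';
}
function demo_create_key($dir, $userId) {
    $path = demo_key_path($dir, $userId);
    file_put_contents($path, sodium_crypto_aead_chacha20poly1305_ietf_keygen(), LOCK_EX);
    chmod($path, 0600); // readable by the web server user only
}
function demo_encrypt($plain, $dir, $userId) {
    $key   = file_get_contents(demo_key_path($dir, $userId));
    $nonce = random_bytes(SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_IETF_NPUBBYTES);
    // The user id is bound as associated data: a value moved to another user fails to decrypt.
    $ct = sodium_crypto_aead_chacha20poly1305_ietf_encrypt($plain, 'user:' . $userId, $nonce, $key);
    return base64_encode($nonce . $ct); // this string is what the database and its backups hold
}
function demo_decrypt($stored, $dir, $userId) {
    $path = demo_key_path($dir, $userId);
    $raw  = base64_decode($stored, true);
    $n    = SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_IETF_NPUBBYTES;
    if (!is_file($path) || $raw === false || strlen($raw) <= $n) {
        return null; // key deleted (user forgotten) or value malformed
    }
    $plain = sodium_crypto_aead_chacha20poly1305_ietf_decrypt(
        substr($raw, $n), 'user:' . $userId, substr($raw, 0, $n), file_get_contents($path));
    return $plain === false ? null : $plain; // false: tampered data or wrong key
}
function demo_forget_user($dir, $userId) {
    return unlink(demo_key_path($dir, $userId));
}

// Constructed demo: $backupRow stands in for a value restored from an SQL backup.
$dir = sys_get_temp_dir() . '/enc_keys_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
demo_create_key($dir, 42);
$backupRow = demo_encrypt('jane@example.com', $dir, 42);
$before = demo_decrypt($backupRow, $dir, 42); // key file still present
demo_forget_user($dir, 42);
$after = demo_decrypt($backupRow, $dir, 42);  // same backup row, key file gone
rmdir($dir);
var_dump($before, $after);
```

The same property depends on the key files never reaching the regular backups, which is why the answer above keeps them out of the SQL backup set and mirrors deletions to the backup server.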
Contributors & Developers
“DivertDigital GDPR” is open source software.
Changelog
1.0.4
- Added checks for required folders before enabling encryption
1.0.3
- Added check to generateKeys
1.0.2
- Fixed required PHP and WordPress version. Added image assets.
1.0.1
- Fixed install instructions
1.0
- Code reorganisation and better compatibility
0.9
- First public release