I have a bit of a problem with this otherwise excellent plugin, when translating its texts to French.
I have used Loco-Translate to create the necessary language files for this, and several other plugins, with good results.
However, a visitor to my French pages who wished to know what data was held about them, after clicking on the appropriate link, would receive the appropriate form only partially translated. Above the field for entering their e-mail address is:
Demande GDPR
Pour demander un rapport GDPR, veuillez indiquer votre adresse électronique ci-dessous. Nous vous enverrons un lien de confirmation pour vérifier vous êtes le propriétaire du compte.
Below the e-mail field, they see the untranslated English version next to the Check-Box i.e.
I consent to having “MySiteName” collect my email, IP address and browser request details for the purpose of generating the personal data report (to learn more about our privacy policy please visit our privacy policy statement).
I believe that this text is called from the file “class-gpdr-personal data-reports-public.php”, located in the “wp-contents/plugins/gpdr personal-data-reports/public” folder on the server, but apart from replacing the parameter “/s” with my site name directly, this info does not help me achieve translation of the English alongside the check box.
Does anyone have any suggestions as to how I may achieve a translation of this text to French?
It has occurred to me that just possibly, my use of Loco Translate has caused the overwriting of the language file the Author says was included with the plugin – but this is only speculation on my part.
If anyone can assist, I would be extremely grateful.
Regards
JuliaC.
Hello. Thank you for your plugin.
Please, what does the situation with adding reCAPTCHA with the “I am human” checkbox look like?
Can you add it this year, please?
Thank you. David
I have a web site with 2 languages with the Qtranslate plugin. How do I get it to work?
All I get when trying to process one single request is a bunch of error codes displaying in red on every field.
It’s also told me that the maximum number of requests has been exceeded on the first try. Even when I created a new user it stated error, maximum number of requests and a whole bunch of other error codes.
Hello,
Is it possible, as the administrator of my site, for me to receive an e-mail notification so that I know when a user makes a GDPR request?
Thank you
Regards
Welcome.
The translation into Polish is 100% ready. Please approve and update the plug-in.
Currently, the texts for the clients are in English, and May 25 is getting closer.
Thank you for the excellent plug-in!
Best GDPR free plugin for WordPress we’ve found thus far
Easy to setup and actually works on sending user information including their comments
//THANKS
Several questions and requests
Q1: Is “Right to be forgotten” via anonymization legally the same as a full deletion (which is not an option in the plugin)? Seems like most people who would make a request would want it all deleted.
Q2: How should one proceed when WordPress comments are made via the Facebook platform? Should there be an option to request information via Facebook login, not just email?
Requests
1. Would you consider including a simple cookies dialogue bar in the footer that solves browser cookies requirements?
2. Would you consider a sample privacy/confidentiality page? I know this one is specific for each and every website, but if we all chip in on a sample page, there is less possibility for any important legality to be missed.
This plugin is great, well done!
One question about the data report email – what is the Your Comments field for? Is that for comments the user made on the site? Or something else?
And is there a way to edit the email?
Hi,
First of all great plugin. I have tried others and this one is definitely the best I’ve tried.
I have a question though – my site allows people to comment without signing up / registering so I don’t have any real “users” but people that might comment may request data held on them as a commenter. Is there a way the plugin can do a similar report on commenters instead of users? And could it also do the same on details stored in a contact form database like in Flamingo through Contact Form 7 for example?
Thanks for your help.
Keep up the good work!
Hi Wojtek
Looking at your code I can see that you are not using a NONCE to help minimise bots from spamming the forms and I would highly recommend that you add this to your code to make the form a little safer.
Also very worrying is that you do not appear to be sanitising any of the form input fields at the server and probably the most scary is that your get_row select SQL queries in /includes/class-gdpr-personal-data-reports-generator.php are highly open to SQL injection and very unsafe to the extent that I have currently disabled the plugin as it could be possible to use your form to do some nasty SQL injection and you need to look at this to make this side of things and any other locations where you link the public facing forms to the database.
Nathan
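The three measures raised in the post above (a nonce on the form, server-side sanitising of the input, and parameterised `get_row` queries), shown together as an added example that is not the plugin's own code. It assumes a WordPress plugin context; the action name, nonce field name, table and column names are hypothetical.

```php
<?php
// Added example, not the plugin's code. The action, nonce field, table and
// column names are assumptions made for illustration.

// Form template: the hidden nonce field ties the submission to this action.
function example_gdpr_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_gdpr_request">
        <?php wp_nonce_field( 'example_gdpr_request', 'example_gdpr_nonce' ); ?>
        <input type="email" name="email" required>
        <button type="submit">Request report</button>
    </form>
    <?php
}

function example_gdpr_handle_request() {
    global $wpdb;

    // 1. Reject submissions without a valid nonce for this action.
    $nonce = isset( $_POST['example_gdpr_nonce'] )
        ? sanitize_text_field( wp_unslash( $_POST['example_gdpr_nonce'] ) )
        : '';
    if ( ! wp_verify_nonce( $nonce, 'example_gdpr_request' ) ) {
        wp_die( 'Invalid request.', '', array( 'response' => 403 ) );
    }

    // 2. Sanitise and validate the field on the server, not only in the browser.
    $email = isset( $_POST['email'] ) ? sanitize_email( wp_unslash( $_POST['email'] ) ) : '';
    if ( ! is_email( $email ) ) {
        wp_die( 'Please enter a valid e-mail address.', '', array( 'response' => 400 ) );
    }

    // 3. Never concatenate input into the SQL text passed to get_row();
    //    bind it through a prepare() placeholder instead.
    $table = $wpdb->prefix . 'example_gdpr_requests'; // hypothetical table
    $row   = $wpdb->get_row(
        $wpdb->prepare( "SELECT id, status FROM {$table} WHERE email = %s", $email )
    );
    if ( $row ) {
        // Queue the confirmation e-mail for this request here.
    }

    // Same redirect whether or not a row exists, so the form does not
    // reveal which addresses are known to the site.
    wp_safe_redirect( home_url( '/' ) );
    exit;
}
add_action( 'admin_post_nopriv_example_gdpr_request', 'example_gdpr_handle_request' );
add_action( 'admin_post_example_gdpr_request', 'example_gdpr_handle_request' );
```

For logged-out visitors WordPress issues the same nonce to everyone, so the nonce limits blind automated posts but is not a substitute for rate limiting or a CAPTCHA.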
We could not confirm your GDPR request.
Please make sure you are using a complete confirmation link.
Running some tests with this. After clicking the link in the email the message:
We could not confirm your GDPR request.
Please make sure you are using a complete confirmation link.
Shows on the page. How do I fix this?
Hi Sean
Me again!!
I have looked through your code and it is very clean and appears to be well written.
One thing I wanted to see was how you were generating the random part to anonymise the data subject and see that you have a function called generate_random_string which generates the random information and based on a 30 character string.
I have attended a number of different conferences and seminars where the anonymising of the data subjects identifiable information was discussed in detail and if the randomness is really good enough for anonymising the data subject and the general view was that it needs to be more robust than a loop with a sequence of characters in alphanumeric order. I would suggest that you might consider doing a few things to make it more random. Firstly change the sequence of the 30 characters so that the order is random and when generating the random include a random millisecond delay before each random character is generated and also when it is selected. This way it makes it far more difficult to unravel the randomness (or rather lack of randomness) when using your current method and therefore much harder to break if the data was breached. It also shows a Supervisory Authority that a concerted effort has been made to really anonymise the data subjects identifiable information.
You might also (in the Pro version) want to consider moving the report generation part to be part of a cronjob rather than realtime as I would imagine in future (in the Pro version) you plan to make the plugin work with other plugins that store personally identifiable information etc and this could put a load and delay other processes on a very busy server.
Also you appear to be reading the content for the email from files in the mail folder which you might want to consider moving to the settings page so that they can be edited by the data controller and also you may want to consider moving these from being stored in files to be stored in the WP database itself.
In addition you might want to consider adding a cronjob that runs once a day and checks to see if any new meta keys have been added to the users table as at the moment it is only as good as when you configured the plugin which could give a false sense of security. There should be an option to be able to send an email with information to the data controller / IT to inform them that they need to review the settings page in your plugin to check if any new meta key data needs to be included for your plugin to handle it in the eraser process.
Finally, you might want to consider the addition of an export option in the logs panel and also the option to email the data controller the logs each day as this would be useful for the data controller to store to evidence to a Supervisory Authority that they are taking a proactive course of action regarding the GDPR.
Best wishes
Nathan
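One way to produce the random replacement string discussed in the post above is to draw every character from the operating system's CSPRNG with PHP's `random_int()`. This is an added example, not the plugin's `generate_random_string`; the function names, the 30-character length, the 62-symbol alphabet and the replacement field values are assumptions.

```php
<?php
// Added example, not the plugin's generate_random_string(). Function names,
// the default length and the alphabet are assumptions for illustration.

function example_random_string(
    int $length = 30,
    string $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
): string {
    $max = strlen( $alphabet ) - 1;
    if ( $length < 1 || $max < 1 ) {
        throw new InvalidArgumentException( 'Need a positive length and at least two symbols.' );
    }
    $out = '';
    for ( $i = 0; $i < $length; $i++ ) {
        // random_int() reads the OS CSPRNG and is uniform over 0..$max, so the
        // result does not depend on the order of the alphabet or on timing.
        $out .= $alphabet[ random_int( 0, $max ) ];
    }
    return $out;
}

// Replacement values for one user record. One token is shared by the fields
// so the anonymised row stays internally consistent; nothing is derived from
// the original data, so the token cannot be reversed to it.
function example_anonymised_fields(): array {
    $token = example_random_string();
    return array(
        'user_login'   => $token,
        'user_email'   => $token . '@example.invalid', // reserved TLD, never deliverable
        'display_name' => 'Anonymised user',
    );
}

// Size of the search space in bits: length * log2(alphabet size).
function example_entropy_bits( int $length, int $alphabet_size ): float {
    return $length * log( $alphabet_size, 2 );
}

// Stand-alone demonstration when run from the command line.
if ( PHP_SAPI === 'cli' && isset( $argv[0] ) && realpath( $argv[0] ) === __FILE__ ) {
    print_r( example_anonymised_fields() );
    printf( "%.1f bits\n", example_entropy_bits( 30, 62 ) );
}
```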
Hi Sean
I have just looked at your CSS for the plugin as I noticed that when it was enabled it screws up the BeTheme theme and I have found that you do not prefix any of your CSS with your own reference and have somewhat generic names like “.wrap” which screws up the BeTheme and probably other themes as this is a very commonly used name in themes.
Can I suggest that you prefix all your CSS names with the name of your plugin as this will minimise the chance of your plugin messing things up and other plugins messing things up with your plugin. It also makes it much easier to debug CSS issues and tweaking the look of the output of your plugin.
Also, it would be helpful if you added classes and/or ids to the HTML e.g. H3 so that the output can be styled easier as at the moment it is a bit of a fudge to try and do so as it is.
Would also be nice (maybe in the Pro version) to be able to customise the text that is displayed in the plugin and the email and to turn off things like the H3 header etc so that the plugin can blend with existing sites.
Best wishes
Nathan