General Data Protection Regulation

  • Resolved fknisel

    (@fknisel)


    6 years, 8 months ago

    Hello,
    do you know if your plugin is complying the rules of the General Data Protection Regulation (GDPR), which will soon come into force (https://gdpr-info.eu/).
    I’m asking this because the plugin stores the IP addresses with repeated failed login attempts. According to GDPR these are “personal data”.
    Is it possible to anonymize the IP addresses before they are saved in my database? If so, how can I configure that?
    Can you confirm me that this data will only be stored on my database and not on external servers?
    Thanks!

    • This topic was modified 6 years, 8 months ago by fknisel.
Viewing 11 replies - 1 through 11 (of 11 total)

  • i want to know the same. any informations about that.

    ?

    Does anyone have an update to this topic? Times running up…

    Plugin Author WPChef

    (@wpchefgadget)

    Hi guys,

    We’re going to provide this functionality next week. We’ll keep you posted.

    [ Signature deleted ]

    • This reply was modified 6 years, 3 months ago by Jan Dembowski.
    Plugin Author WPChef

    (@wpchefgadget)

    Hi guys,

    We have uploaded a new version of the plugin with this feature implemented.

    [ Signature deleted ]

    • This reply was modified 6 years, 3 months ago by Jan Dembowski.

    Hello

    in WordPress ist mentioned, that it is updated last before 6 years.

    I think, I must mention how it works in the data privacy statement, becauce of you uses IP adresses.

    Regards

    VCR

    Hi WPChef,

    thanks a lot.

    To be GDPR compliant means to my understanding that no(!) personal data is processed by the plugin.

    This being said I am wondering how the plugin is working effectively when “all logged IPs get obfuscated”.

    Please, could you help me out in this and explain how the plugin is working when the option “GDPR compliance” is checked?

    Kind regards
    Mirko

    Plugin Author WPChef

    (@wpchefgadget)

    Hi Mirko,

    In GDPR mode the plugin converts the incoming IP into its md5 hash which is a one-way hashing algorithm that makes an IP unrecognizable to a person. For example, the 127.0.0.1 IP becomes: f528764d624db129b32c21fbca0cb8d6. All further operations (including storage of IPs in the database) are done using the hashed IP, not the original one.

    [ Signature deleted ]

    • This reply was modified 6 years, 3 months ago by Jan Dembowski.

    I looked for “Limit Login Attempt” and not for “Limit Login Attempts Reloaded”. That was my misstake.

    Plugin Author WPChef

    (@wpchefgadget)

    Hi VCR,

    No problem.

    [ Signature deleted ]

    • This reply was modified 6 years, 3 months ago by Jan Dembowski.

    In my opinion, it is enough to write in your pricacy policy that you collect IP, date, time and loginname of logins in the backend. So in this way you do not have to activate the GDPR mode.
    I would also mention to passing on this data for investigative purposes.

    The second thing related to GDPR is: Do you send this data also to an external server, or just save it in the current database?

    Regards, Patrick

    Plugin Author WPChef

    (@wpchefgadget)

    Hi Patrick, thank you for your comment. We don’t send any data to an external server.

    [ Signature deleted ]

    • This reply was modified 6 years, 3 months ago by Jan Dembowski.
Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘General Data Protection Regulation’ is closed to new replies.

Tags