How to deal with new GDPR?

  • Resolved laybagmax

    (@laybagmax)


    6 years, 7 months ago

    Hey, from May 25, 2018 comes the new GDPR from the EU. Multi Rating stores IP addresses. This is no longer allowed in the future. How to deal with it? Is a change in the plugin planned to comply with the regulation?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author dpowney

    (@dpowney)

    Thank you for bringing this up.

    There are a couple of options which I’d like your feedback on.

    Option 1 – Change plugin to only store IP address for non logged in users only and when the IP address validation check is enabled. No functionality is lost. As the IP address is considered personal data that can be used to identify a person, the website owner would need to explicitly state when and for what purpose the IP address is being stored. Optionally, a WP cron could run to hard delete any IP address after the expiry period e.g. 24 hours.

    Option 2 – Add note in plugin settings that user should use cookie validation instead as this is GDPR friendly. No personal data is stored in the cookie. The plugin provides options and it is the website owners responsibility to ensure GDPR compliance.

    Option 3 – Remove storing of any IP addresses completely. Websites which currently use IP address validation will be switched to cookie based validation.

    Option 4 – Mask the IP address in some way that is still unique to that user – I am unsure if this is possible or even GDPR compliant. A batch job would be required to mask all old IP addresses.

    I hope to hear your thoughts. Option 3 is the simplest solution.

    Thanks,
    Daniel

    Plugin Author dpowney

    (@dpowney)

    I am implementing Option 3. All stored IP addresses will be deleted on update. This change will be available soon (before GDPR enforcement on May 25) in both the free and pro versions. Cheers, Daniel

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘How to deal with new GDPR?’ is closed to new replies.