DivertDigital GDPR

This plugin is outdated and might not be supported anymore.

Description

With the upcoming General Data Protection Regulation (GDPR), websites are required to protect the personal data of their users.
This plugin offers the following:

  1. Pseudonymization of user private data (including WooCommerce if installed)
  2. Newsletter consent trail
  3. Download all user data
  4. Forgetting user personal data

This plugin is considered to be in BETA stage due to lack of testing. Please BACK UP your site before use.
Please read the Installation section and report plugin issues to zed@divertdigital.com.
To hire our agency to help you with site rebranding/development or other GDPR requirements, please contact us through our site https://www.divertdigital.com or email tristan@divertdigital.com directly.

Pseudonymization

Pseudonymization is the process of encrypting sensitive data with an encryption algorithm to prevent access to that information by unauthorised users. We are using ChaCha20-Poly1305 to encrypt data, to allow for better compatibility with older WordPress sites. Unfortunately AES requires PHP 7.1, which is not present at many hosts.

After the encrypt option is checked in settings, a key is generated for each user in wp-content/enc_keys. This is explained further in the FAQ section. All personal data for the user and WooCommerce will be encrypted and decrypted automatically, so no visible change should be noticed.

Article 25 EU GDPR “Data protection by design and by default”
Article 32 EU GDPR “Security of processing”
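To show what pseudonymization by encryption looks like in practice, here is an added illustration in PHP. It is not the plugin's own code: it assumes PHP's sodium extension (7.2+) or the paragonie/sodium_compat polyfill, which exposes the same sodium_crypto_aead_chacha20poly1305_ietf_* functions, and it assumes one key file per user ID under wp-content/enc_keys (the plugin's real file naming is described in its FAQ, not here). The user ID and field name are fed into the AEAD as associated data, so a ciphertext copied to another user's row or another column fails authentication instead of decrypting.

```php
<?php
// Added example of per-user field encryption with ChaCha20-Poly1305 (IETF variant).
// Not the plugin's code. Assumes sodium (PHP 7.2+) or the sodium_compat polyfill,
// and a hypothetical layout of one key file per user ID in the given directory.

class DD_Gdpr_Field_Crypto_Example {
    private $key_dir;

    public function __construct($key_dir) {
        $this->key_dir = rtrim($key_dir, '/');
    }

    // Load, or on first use create, the per-user 256-bit key.
    public function user_key($user_id) {
        $file = $this->key_dir . '/' . (int) $user_id . '.key';
        if (!is_file($file)) {
            if (!is_dir($this->key_dir)) {
                mkdir($this->key_dir, 0700, true);
            }
            $key = sodium_crypto_aead_chacha20poly1305_ietf_keygen();
            file_put_contents($file, $key, LOCK_EX);
            chmod($file, 0600);   // key files are secrets: owner-only, never world-readable
        }
        return file_get_contents($file);
    }

    // Encrypt one field. A fresh random nonce is generated per call and stored with
    // the ciphertext; the user ID and field name bind the ciphertext to its place.
    public function encrypt($user_id, $field, $plaintext) {
        $key   = $this->user_key($user_id);
        $nonce = random_bytes(SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_IETF_NPUBBYTES);
        $ct    = sodium_crypto_aead_chacha20poly1305_ietf_encrypt(
            (string) $plaintext, $this->aad($user_id, $field), $nonce, $key);
        // The prefix marks the value as encrypted so rows written before the option
        // was enabled pass through decrypt() untouched.
        return 'enc:' . base64_encode($nonce . $ct);
    }

    // Decrypt one field; returns null if the value was tampered with or belongs to
    // a different user or field.
    public function decrypt($user_id, $field, $stored) {
        if (substr($stored, 0, 4) !== 'enc:') {
            return $stored;   // plain value, not encrypted
        }
        $raw = base64_decode(substr($stored, 4), true);
        $n   = SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_IETF_NPUBBYTES;
        if ($raw === false || strlen($raw) <= $n) {
            return null;
        }
        $pt = sodium_crypto_aead_chacha20poly1305_ietf_decrypt(
            substr($raw, $n), $this->aad($user_id, $field), substr($raw, 0, $n),
            $this->user_key($user_id));
        return $pt === false ? null : $pt;
    }

    // Associated data: authenticated but not encrypted, so the ciphertext is
    // only valid for this user and this field.
    private function aad($user_id, $field) {
        return 'user:' . (int) $user_id . '|field:' . $field;
    }
}

// Usage with a constructed value (WP_CONTENT_DIR is WordPress's own constant):
$crypto = new DD_Gdpr_Field_Crypto_Example(WP_CONTENT_DIR . '/enc_keys');
$stored = $crypto->encrypt(42, 'billing_phone', '+1 555 0100');
$plain  = $crypto->decrypt(42, 'billing_phone', $stored);   // original phone number
$other  = $crypto->decrypt(43, 'billing_phone', $stored);   // null: bound to user 42, not 43
```

Because the key file, not the database row, is what makes the data personal again, a backup of the database without the matching wp-content/enc_keys directory restores only pseudonymized values, and a key file that is deleted makes that user's encrypted fields unrecoverable.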

Newsletter consent trail

A consent trail is required to demonstrate that the user has consented to the processing of personal data. This part of the plugin allows easy consent trail generation as PDF files in wp-content/newsletter_consents by calling predefined actions. The plugin handles the case where the subscription is pending (the user still needs to confirm their email) and the case where the subscription is confirmed. See the Newsletter Consent Installation section for configuration.

Article 7 EU GDPR “Conditions for consent”

Download all personal data

This functionality is required to allow users access to all of their personal data. Once enabled, it is presented as a button in the profile area.

Article 15 EU GDPR “Right of access by the data subject”
Article 20 EU GDPR “Right to data portability”

Forgetting user personal data

Users need the ability to remove all personally identifiable data from the website. All personal data is set to NA (Not Available). Users can access this functionality through a button in the profile area, while admins have it as a bulk action. This GDPR requirement has very big implications, as the data has to be removed even from backups! More info in the FAQ section.

Article 17 EU GDPR “Right to erasure (‘right to be forgotten’)”

User data downloading

By default the plugin downloads WordPress data and WooCommerce private data. You can add additional data to the JSON array by hooking the dd_gdpr_userdata_additional action.
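As an added example of such a hook (our own, not the plugin's snippet, which follows below), here is a handler that pulls the current user's rows from user meta and from a custom table. It assumes the action runs in the context of the logged-in user, so get_current_user_id() identifies whose data is being exported; the table name support_tickets and the meta keys are hypothetical.

```php
<?php
// Added example handler for dd_gdpr_userdata_additional; not the plugin's code.
// Assumptions: get_current_user_id() is the subject of the export, the hypothetical
// table {prefix}support_tickets has a user_id column, and $data is the array the
// plugin serialises to JSON.

function dd_example_gdpr_userdata(&$data) {
    global $wpdb;
    $user_id = get_current_user_id();
    if ($user_id === 0) {
        return;   // no logged-in user: export nothing rather than someone else's data
    }

    // Custom table: scope strictly to this user's rows and use a prepared query.
    $table   = $wpdb->prefix . 'support_tickets';   // hypothetical table
    $tickets = $wpdb->get_results(
        $wpdb->prepare("SELECT id, subject, created_at FROM {$table} WHERE user_id = %d", $user_id),
        ARRAY_A
    );

    // User meta: export an explicit list of your own keys. Internal keys such as
    // session tokens or capabilities are not the subject's personal data and
    // must not end up in the download file.
    $export_keys = array('billing_phone', 'newsletter_source');   // hypothetical meta keys
    $meta = array();
    foreach ($export_keys as $key) {
        $value = get_user_meta($user_id, $key, true);
        if ($value !== '') {
            $meta[$key] = $value;
        }
    }

    // Append under a key of your own so it sits beside the plugin's default sections.
    $data['custom_user_data'] = array(
        'support_tickets' => $tickets,
        'profile_meta'    => $meta,
    );
}
add_action('dd_gdpr_userdata_additional', 'dd_example_gdpr_userdata');
```

An allow-list of meta keys is deliberate: dumping get_user_meta($user_id) wholesale would include WordPress's internal session_tokens and capability entries alongside the personal data the subject is entitled to.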

function yourFunctionName(&$data){
    // Gather your data for the current user
    $userData = array(
        'some_sample_data' => 'This is probably retrieved from database',
        'some_other_data' => 'Some other data you offer in download.',
        'notice_for_devs' => 'Please be sure to get all user data in your system'
    );
    // Add it under your own key so it is included in the download
    $data['custom_user_data'] = $userData;
}
add_action('dd_gdpr_userdata_additional', 'yourFunctionName');

Newsletter Consent Installation

To enable newsletter consent PDF creation, modify the code in your plugin or theme functions.php to include calls to these actions:

do_action('dd_gdpr_newsletter_subscribe_pending', $email_address, (new DateTime())->format('Y-m-d H:i:s'), $ip);
do_action('dd_gdpr_newsletter_subscribe_confirmed', $email, $firedAt, $ip);

Our example below integrates MailChimp for WordPress and uses a Mailchimp webhook to confirm the registration:

class DD_Gdpr_Mailchimp_Integration {

    // Hook the MailChimp for WordPress form action and the incoming Mailchimp webhook
    function init(){
        add_action('mc4wp_form_subscribed', [$this, 'newsletter_subscribed'], 10, 4);
        add_action('parse_request', [$this, 'parse_mailchimp_webhook']);
    }

    function newsletter_subscribed($form, $email_address, $data, $map) {
        // Create PDF for consent proving
        $status = $map[array_keys($map)[0]]->status;
        $ip = $map[array_keys($map)[0]]->ip_signup;
        if ($status === 'pending') {
            do_action('dd_gdpr_newsletter_subscribe_pending', $email_address, (new DateTime())->format('Y-m-d H:i:s'), $ip);
        } else if ($status === 'subscribed') {
            do_action('dd_gdpr_newsletter_subscribe_confirmed', $email_address, (new DateTime())->format('Y-m-d H:i:s'), $ip);
        }
    }

    function parse_mailchimp_webhook() {
        if($_SERVER['REQUEST_URI'] != '/mailchimp_webhook') {
            return;
        }

        // Mailchimp posts form-encoded fields: type, fired_at, data[email], data[ip_signup]
        $type = $_POST['type'];
        if ($type != 'subscribe') {
            return;
        }
        $firedAt = $_POST['fired_at'];
        $email = $_POST['data']['email'];
        $ip = $_POST['data']['ip_signup'];
        do_action('dd_gdpr_newsletter_subscribe_confirmed', $email, $firedAt, $ip);
        exit();
    }
}

(new DD_Gdpr_Mailchimp_Integration())->init();
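The webhook handler above acts on any POST that reaches /mailchimp_webhook. Mailchimp does not sign its webhook calls, and its guidance is to carry a secret in the webhook URL instead, so here is an added hardened variant (our example, not the plugin's code). It checks that secret in constant time, answers the GET that Mailchimp sends to verify a newly saved webhook URL, and validates each field before handing it to the plugin's action. The path, the token query parameter and the DD_GDPR_WEBHOOK_TOKEN constant are assumptions; PHP 7.0+ is assumed for the null-coalescing operator.

```php
<?php
// Added hardened webhook handler; not the plugin's code.
// Assumptions: the webhook is registered in Mailchimp as
//   https://example.com/mailchimp_webhook?token=<secret>    (hypothetical path/parameter)
// and the secret is defined as DD_GDPR_WEBHOOK_TOKEN (hypothetical), e.g. in wp-config.php.

class DD_Gdpr_Mailchimp_Webhook_Hardened {

    public function init() {
        add_action('parse_request', [$this, 'handle']);
    }

    public function handle() {
        // Compare only the path: REQUEST_URI also carries the query string.
        $path = parse_url($_SERVER['REQUEST_URI'] ?? '', PHP_URL_PATH);
        if ($path !== '/mailchimp_webhook') {
            return;
        }

        // Mailchimp sends a GET when the webhook URL is saved, to verify it exists.
        if (($_SERVER['REQUEST_METHOD'] ?? '') === 'GET') {
            status_header(200);
            exit();
        }

        // Constant-time comparison of the shared secret; anything else is refused,
        // so arbitrary POSTs cannot produce "confirmed" consent PDFs.
        $token = isset($_GET['token']) ? (string) $_GET['token'] : '';
        if (!defined('DD_GDPR_WEBHOOK_TOKEN') || !hash_equals(DD_GDPR_WEBHOOK_TOKEN, $token)) {
            status_header(403);
            exit();
        }

        $event = $this->validate($_POST);
        if ($event === null) {
            // Malformed or non-subscribe payload: acknowledge it (so Mailchimp does not
            // keep retrying) but record that it was ignored.
            error_log('dd_gdpr: ignored mailchimp webhook with invalid payload');
            status_header(200);
            exit();
        }

        do_action('dd_gdpr_newsletter_subscribe_confirmed', $event['email'], $event['fired_at'], $event['ip']);
        status_header(200);
        exit();
    }

    /**
     * Returns ['email' => ..., 'fired_at' => ..., 'ip' => ...] for a well-formed
     * "subscribe" event, or null if any field is missing or malformed.
     */
    public function validate(array $post) {
        if (($post['type'] ?? '') !== 'subscribe' || !is_array($post['data'] ?? null)) {
            return null;
        }
        $email = sanitize_email($post['data']['email'] ?? '');
        if ($email === '' || !is_email($email)) {
            return null;
        }
        $ip = (string) ($post['data']['ip_signup'] ?? '');
        if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
            return null;
        }
        // fired_at arrives as "YYYY-MM-DD HH:MM:SS"; re-format it so only a
        // well-formed timestamp, not arbitrary text, ends up in the consent PDF.
        $dt = DateTime::createFromFormat('Y-m-d H:i:s', (string) ($post['fired_at'] ?? ''));
        if ($dt === false) {
            return null;
        }
        return ['email' => $email, 'fired_at' => $dt->format('Y-m-d H:i:s'), 'ip' => $ip];
    }
}

(new DD_Gdpr_Mailchimp_Webhook_Hardened())->init();
```

Validation matters here beyond tidiness: the three values are written into a PDF that is meant to serve as evidence of consent, so each one should be exactly the shape the plugin expects before it is recorded.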