It’s no longer any secret that EU is going to enforce General Data Protection Regulation, from 25th of May. This is going to bring a new era in the virtual world, and both old and new websites are going to be influenced by this many different ways.
Regardless of the hosting location of your website, it is in your best interest to make sure you understand these regulations and make your site GDPR complaint. The global community has taken data privacy and protection seriously, and GDPR is the reflection of that.
Due to the changes in data protection, privacy and regulation, the websites need to go through many changes, and many of their operations need modifications. The regulations are related to information collection, usage of the information, consent from the users and many other things.
If you do these modifications manually, then it will become a daunting task. Moreover, it is very much possible for a website owner to forget one step or two while manually handling the website.
The WordPress GDPR plugin is designed and developed to reduce the workload and ensure precision, regarding making the website GDPR compliant.
Functionality
The most critical issue related to GDPR compliance is consent management. The common complaint about the nature of websites was, they don’t take any consent from the users when they offer them services or use their information for marketing purposes.
GDPR plugin deals with that with different consent management tools. It gives the users more options on what they want to opt-into, and they don’t. The users can set their privacy preferences up by choosing cookies with UI and banner notifications.
WordPress GDPR Plugin is going to create an entire page for the privacy policy, or you can configure your existing Privacy policy page. One of the critical element of GDPR is, the users should be allowed to choose their preferences from the privacy policy and give consent in some particular areas while refusing the others; this feature is convenient. The site visitors can choose the way their information is going to use by the website.
According to GDPR, you have to keep the data transparent to the users. This plugin helps the website owners with that as well.
Firstly, reassignment and deletion of user data are possible with this, as per user requests. Moreover, if the user requires a copy of their information, that is also possible with GDPR plugin as well. Data Subjects are used to cater to front-end requests button and double opt-in confirmation email.
Also, notifying the users about data breach is vital when it comes to GDPR. The users have the right to know when a data breach occurs and how that will affect their personal information.
Notification logs, as well as batch email notifications, will be available to data subjects. Among many other features, the key ones are audit logs, data subject secret tokens, and telemetry tracker.
How to Use It
First of all, you need to
- Download the plugin from WordPress Repository
- Upload the plugin to the /wp-content/plugins/ directory via FTP or Simply login to your website dashboard, click Plugin > Add New > Upload
- Activate the plugin through the ‘Plugins’ menu in WordPress
Now let’s see how the plugin works:
Settings
In the Dashboard, you are going to find the Settings options and then select the Privacy Policy page if you want to ensure the features of logging and tracking consent. The users must have to give their consent to your privacy policy if they wish to use your website.
The changes you made here, will be flagged and logged to the admin so that the users can be notified about giving their consent to the updated material. Concerning mistakes or corrections, warning messages will be received.
Moreover, limitations about outgoing emails can be set up as well, so that you don’t send emails to people who haven’t consented to your newsletter or new offers.
Cookie Preferences
You can quickly set up the cookie preference options for your site’s users as well. There are three formats for you to choose from.
First, the cookies will always be active. Second, users can block or activate cookies can according to their preferences. And third, cookies might require third-party configuration for opting out. The user can choose the option they would like.
The cookies will never be active until or unless the user allows them to be. You can use the function is_allowed_cookie( $cookie ) to activate or deactivate cookies.
Data Access
Apart from consent issues, users fright to have access to the data you are collecting is vitally important as well. The data subject can send a request to the admin for getting a copy of data or asking for erasing something. The admin will see the request on the request table.
Also, the content the user had published will get add to the request table for the administrator to see. Regarding deletion of data, the user will get a confirmation message and a 6 digit token, so that the user can recover data later if necessary.
With the request table, the admin can quickly add or delete content. You can also add data subjects manually to the request table.
When the users require their data copy, they will be able to do that with shortcodes. They will get JSON or XML files as per their request and will have 48 hours to download. The same system works for data rectifying and complaints.
Consent Management
You will also find consent management models on the Settings option. Depending on your preference, this can be option or non-option, but you should cover this. Users giving consent to the privacy policy and terms of services should be enough, but you can’t be careless.
You can use the wrapper function have_consent ( $consent_id ) for displaying or hiding the material on your site based on user choice.
Additional Tools
WordPress GDPR plugin has some great tools for the admin to play with. The Access Data tool enables the admin to view the information of a particular user searching with the user email account. This is used for complying data access requests if the user confirms his/her identity.
Audit Log
The audit log tracks all the activities the users do, starting from registration, giving consent to terms of services and privacy policy and logging in and out. Data breach notifications are also logged upon confirmation. This can be used through the email addresses of the data subjects. Moreover, when the data subject gets removed from the site, encryption log gets deleted as well.
Data Breach
Data breach tracker is another essential tool. The admin can merely log the information and confirm if a data breach occurs and generate a notification to send the users. The audit log stores the nature of breach, identity and contact details of protection officers, consequences of the breach, and measures taken for mitigating the issues. The users will receive emails every hour.
Telemetry Tracker
And lastly, the Telemetry Tracker will display the data which is sent outside the server for various purposes. With this, the users will be able to know for what purpose their data is being used, and if it is going beyond their consent and privacy preferences.
Lastly, though this plugin is handy in making your site GDPR compliant, you should double check everything yourself. You should take responsibilities for making your site more secure.
4 Comments, See all Comments