We released a new major version of our WP-GDPR Core plugin.
Over the past weeks, we worked towards a flexible privacy center that allows us to integrate more services. The Personal Data Overview page was a good start, but it was hard to integrate this in your theme. To remove this problem, we decided to fully redo the code.
These are the changes:
- New frontend Privacy Center UI for personal data management
- New options for users to export their personal data : PDF / COPY / EXCEL / CSV / PRINT
- Users can filter their personal data through search
- Users can sort their Personal data in the Privacy Center
- Privacy Center uses theme header + footer
- Upgraded translations for NL BE FR SE
Please update your WP-GDPR Core and all of its add-ons.
The past 2 weeks were very intense and we’re very happy to release a new version of the WP-GDPR Core plugin and all add-ons we created.
We’re also releasing a new add-on and announce the upcoming mailchimp add-on.
WP-GDPR Core 1.5.3 release
We released version 1.5.3 of WP-GDPR Core.
This release contains:
- Logging for debug purpose
- Privacy policy per add-on
- Bulgarian translation
- Create specific email for DPO contact
- Prepare for Flamingo add-on
- Prepare for Mailchimp add-on
If an error occurs in the WP-GDPR Core or there is a conflict with another plugin or theme, it’s very hard to do proper debugging. We provide you with a logging feature you can enable when you think something goes wrong and wrote a tutorial to explain more on this topic.
New add-on: Flamingo
Users of the Contact Form 7 plugin are probably also familiar with Flamingo. It’s created by Takayuki Miyoshi, who also created Contact Form 7 and is the recommended plugin to store messages from CF7.
With the Flamingo add-on, you can let visitors manage their own data they submitted through Contact Form 7. This plugin has 300.000+ installs!
Flamingo has a great, intuitive interface to keep track of submitted forms, so you can export them. This, in many cases personal, data must be available to the visitor. You as a website owner has to let users manage this data.
With this add-on, your visitor will be able to manage it without your involvement.
Only when the user requests to delete the data, you will have to take action.
Add-on updates
Today, we’re releasing updates for the following add-ons:
From now on, you will receive an update notice in the backend when an update is available.
We implemented this together with the debug logs you can enable, as mentioned before in this post.
To install this update, please download a new copy of your add-on on your account page:
https://wp-gdpr.eu/my-account/purchase-history/
If we can help in any way, don’t hesitate to contact us through the same page.
Upcoming add-on: Mailchimp
Mailchimp is probably one of the best-known newsletter and marketing automation tools worldwide. With billions of emails sent each year and their drag&drop interface they’re a great tool for any digital marketeer.
There are many Mailchimp plugins for WordPress available. Some of them are standalone, while others integrate nicely with a form plugin, for example. In both cases, the personal data is stored in Mailchimp. This makes it harder for you (website developer or owner) to handle requests.
The WP-GDPR Mailchimp add-on will give visitors, like all other add-ons, the tools to handle the data themselves. Your visitors can download or update its data without having to leave your website!
Linking the WP-GDPR Mailchimp add-on to Mailchimp is easy.
We need an API key to let us collect data from Mailchimp. In one of these 3 ways, we will try to get that access:
- Re-use the API key of one of these plugins
- Mailchimp for WordPress
- Gravity Forms (Mailchimp add-on)
- Let you enter an API key through a setting in the backend
If one of the first options (through a plugin) is available, there is no need to enter any setting for this.
We plan the release of WP-GDPR Mailchimp add-on this month!
New pricing plans
To accommodate everyone who needs our add-ons, we decided to restructure our pricing plans. The new pricing plans consists of 2 separate tracks :
- Individual plans, focused on single sites.
- Business plans, focused on multiple sites.
Individuals can now also get all add-ons at once with the new Plus plan. Businesses who are not quite big enough for the Pro plan can now get the Freelance plan which allows them to register up to 20 websites.
Upgrade info for existing customers :
If you have any questions about upgrading your previous single licenses, you can do so by contacting our live-support or creating a ticket.
Check out all pricing plans here:
https://wp-gdpr.eu/pricing/
As announced last week already :
We’re working very hard on providing you with more helpful information and a better user experience. It’s time to ask the community for feedback on our prototype UI for WP-GDPR 1.5.
GDPR is a complex matter and without sufficient information to the user, it gets confusing very quickly. We had some feedback and gathered our thoughts to come up with a plugin environment where :
- Users get more information about what they are looking at
- Users get more information as to what they can do with the information
- Users have an easier time navigating through the data
- We have room to implement more features which are logical, needed and requested
- We have an easy to understand add-on process
- It becomes easier for the community to understand what the next steps are
- We have a clear process of support and help
Design is not just what it looks like and feels like. design is how it works
The new sections
To make it more logical to use WP-GDPR we have created a new set of subpages :
- Requests
- Data-Register
- Add-ons
- Settings
- Help
Requests
Requests are the hearth of the plugin, no other GDPR plugin does what we do currently. An automated system for users to request their personal data. This page will help you manage the delete requests, a list of all users who requested for their data to be deleted/anonymised.
The second tab will feature data requests, a list of all users who requested access to their data.
Data-Register
The data-register is a log file where all records of processing activities are logged, it’s necessary to be compliant with GDPR article 30. This is a daunting task for businesses and we are creating an automated system which does the work for you. We are still working very hard to get this feature right.
Add-ons
One of the most popular features of the WP-GDPR plugin is its ability to install add-ons to make other plugins GDPR compliant. As of today, we have released 3 add-ons :
These add-ons make sure that personal data being processed by one of those plugins gets recognised as personal data so users can request, update, download or delete it at any time. Every add-on is different and to know how to configure your plugins check out our tutorials. We are working on 2 new add-ons at this moment: Mailchimp & Formidable Forms. To request an add-on please vote for it or suggest it on our add-on page.
The main add-on page lists all available add-ons in our repository and gives more information about them. After installing add-ons this page gives an easy overview on which addon is active and has a valid license.
The second page called ‘Your plugins’ lists all currently installed plugins on your WordPress which collect personal data and gives you an easy to understand overview.
Settings
The settings page is a straightforward page where we list all available configuration choices you have for WP-GDPR. For example text display, DPO email addresses, customization,… Listening to the community we add popular requests and things which are necessary but not always obvious. We try to keep expanding this page with useful settings.
Help
Last but not least we have the help centre. A place where we try to gather as much information as possible to help you understand GDPR and our WP-GDPR plugin. You can view guides & tutorials here, check out the new FAQ or contact support through the proper channels.
GDPR is not an easy matter and we are not highly trained lawyers, we are a bunch of motivated developers trying to make sense out of GDPR and providing the community with an amazing tool to automate their process.
Your input
The reason we create this post is to get your feedback. Are there features you would like to see in future versions, are you concerned about something? Do you like our upcoming UI change?
We would like to hear all about it! Leave a comment on this post or on social media, send us a mail or even hit us up through live chat when we are available.
We really appreciate your feedback!
General Context
Already in the early 90’s, the European Union adopted the Data Protection Directive which regulated the processing of personal data within the European Union. The directive helped European citizens to be aware of their right to privacy, but the effect on the personal data itself was small. Partially because of the different interpretations of the directive by the individual member states.
With the General Data Protection Regulation (GDPR), a new and modernised law will become enforceable on the 25th of May 2018. The regulation wants organisations (companies, governments, NGO’s, …) to get a mindset of “Data protection by design”. And this not only for European organisations, but all organisations that handle personal data from a European citizen. Even if the organisation is located outside of the EU.
What is a Data Register?
With the WP-GDPR Core plugin and its add-ons, you have to tools at hand to process personal data and let your visitors manage that data themselves. We’re working on improving the process and explaining more on how the plugin works, so it will be easier for new users to get started with the WP-GDPR plugin. This will also help with changing the mindset of personal data.
Apart from managing personal data, it’s also very important to keep track of what happens to the personal data. Basically a history of all things related to the data. This includes:
- When did someone consent to storing the data?
- What data can we store and for how long?
- Who requested access?
- Who filed a delete request?
This “Record of processing activities” (Reference: Article 30 of GDPR) is often called the Data Register and must be available for consultation when privacy authorities ask for it. The Data Register let you keep track on who does what with personal data.
Data Register template
In many cases, creating a Data Register isn’t that hard and can be a good second step (First Step: Identifying all personal data) in getting GDPR compliant. To help you get a grip on the whole Data Register, we make a spreadsheet template available for you to download here:
https://docs.google.com/spreadsheets/d/1IsFLKF9kiZZ8Cp8fKrJkmhGODWy-Xkisa1MIzSHXHtw
(We’ve put the template in a Google Spreadsheet, so you can always access the latest version of it)
Automate all the things
As you can see, there’s some administration involved in keeping the Data Register up-to-date. In essence, the Data Register can be this spreadsheet on someone’s computer, but we suggest storing the Data Register on your website. This makes it possible to automate certain parts of storing. For example, we can store the consents from forms or the delete requests automatically in the Data Register of the WP-GDPR plugin.
Of course, since not every request or consent comes from the website, there should be an option to manually add records to the Data Register.
In future releases, we will try to make more integrations possible to automatically store the consent. We will start with the WP-GDPR Core and the add-ons.
Today we released the first version of the WP-GDPR Woocommerce add-on.
With this add-on, a customer can access its personal data without having to login.
Also, a request to delete the data can be made.
Of course, we don’t delete the billing information, since this is required by law.
In a later version, we will let users manage their personal data from within the “My Account” section.
If you have any more questions, don’t hesitate to contact us!
Get the add-on nowReleased WP-GDPR 1.4.3 for our core plugin.
This release contains
- Fix: Deprecated warning
- Fix: When request form is embedded on a non-standard page. Until now, you got a 404-error when redirecting to the “Thank you”-page
- Fix: Confirmation of processing the delete request shows a short reference to what happened to the data
- Enhancement: Add table header “request language”
As you see in the list above, we mostly fixed issues and did small improvements to this core plugin.
If you encounter another problem or have suggestions, don’t hesitate to contact us!
We would like to give everyone a quick update on what’s in store the coming weeks for WP-GDPR, and touch a hot topic lately : User Experience.
Most people using WP-GDPR know what the plugin does and why it is this unique but alot of people new to WP-GDPR can get confused after their first look at the plugin. To change that the upcoming 1.5 release will provide a better user experience and we will try to make our website more focused on how the plugin works.
We planned the following changes related to user experience :
- As of 1.5 users will be able to style the access request form directly from the settings.
- A new help page where users will get information about how to use or set-up WP-GDPR
- Tooltips in most areas of the plugin
- A complete tutorial section on our website
- A chart on what is included out of the box when installing the plugin or add-ons
- One click links to add-ons based on installed plugins ( list of plugins page )
While we prepare this update we are open for suggestions and feedback on our usual channel. Need help? Let us know!
Do you like our hard work? Drop us a review.
Starting 25 May 2018 all companies that process personal data of EU citizens are obliged to be GDPR compliant, this document serves as a guideline on how to make your clients GDPR aware.
What is GDPR?
GDPR wants to address the new ways of exploiting personal data through the internet and cloud technology. It also wants to give businesses a clearer legal environment in which to operate throughout the EU.
The GDPR introduces new accountability obligations, stronger rights and restrictions on international data flows. It gives people more say over what companies can do with their data.
The data that is protected by this regulation is all information about an identified or identifiable person. This can be his name, address, e-mail, but also a cookie, photo or ip-address. When you can use the data to find out who the person is, it is personal data and therefore protected by the GDPR. An organisation must do everything in its power to secure the data and have required procedures in place.
No panic! Just be aware and work towards being compliant
What can I do for my client?
Check with your client whether he collects and stores personal data. When he stores the data you need to make your client GDPR aware.
Your clients needs to understand the changes in collecting, storing and managing personal data and what they need to do in order to keep this data safe. The new regulation attaches great importance to transparency and holds companies responsible for safeguarding the collection, use and storage of individuals’ personal data. Personal data must be processed fairly and accurately, and can not be kept longer than necessary.
Companies are advised to ensure that they have detailed procedures to detect, report and investigate a personal data breach.
Use this roadmap to make your clients website GDPR Ready or use it as a plan to make your client GDPR aware :
- Audit his data: Find out what personal data is already held. Check for adequate consent. If not, delete the data or ask for consent. Keep in mind that pre-ticked boxes and soft opt-ins no longer count with GDPR. Show that you are doing your best to protect the personal information of individuals and minimize the chance that it will end up in the wrong hands.
- Update consent boxes: Create opt-in boxes to ask consent to store personal data. Explain very clearly why this data will be collected, how and for how long the data will be kept for. Start campaigns that will run to get people to opt-in again.
- Know your visitors rights: Make sure a visitor can view, edit, download and delete his personal data. Use our core plugin our on of our addon’s to help your clients with this step.
- Prepare for a data breach: Ensure the correct procedures are in place to detect and report loss or theft of personal data.
- Keep personal data safe: Make sure the data is kept on a secure server. When the data is also mailed or can be exported, make sure the person getting this info knows GDPR and keep a policy for this offline data.
- Appoint someone to own GDPR: Regardless of whether your client needs one, have someone take ownership of GDPR.
If you have any questions regarding GDPR just ask your question through our live chat support.
Released version 1.4.1 from the WP-GDPR Core plugin.
This release contains
- an improved autoloader
- a fix to prevent conflicts with the Jetpack comments
In the support forum, therecipettes and tauchenalow23 pointed at the conflict. Since many of you use Jetpack features, we thought it important to do a minor release.
If you encounter another problem or have suggestions, don’t hesitate to ask!
We released version 1.4.0 of the WP-GDPR Core plugin.
A lot of improvements were released, but we’d like to highlight a few of them:
- Add DPO email address
- Option to not show the comments section
- Add settings feature
- Stop form submition after refreshing
- Add filter to implement checkbox in other commentforms
- Update DE language (thanks Ritchie!)
Also we made the codebase of the core plugin compatible with PHP version 5.3
Download from the plugin directory:
- 1
- 2