YOUR WORDPRESS GDPR/CCPA/LGPD COMPLIANCE ASSISTANT
What does it do?
- Action Right to Forget (Delete) and Right to Portability (Export) requests easily and transparently using a customizable interface
- Understand your data with our Database Overview
Who is this plugin for?
If your are gathering personally identifying information (PII) from users (eCommerce customers, contributors etc.) within the European Union (EU), you must comply with the General Data Protection Regulation (EU) 2016/679 (‘GDPR’). This plugin also applies to the California Consumer Privacy Act (‘AB-375’) (‘CCPA’) effective from January 1, 2020.
- WordPress Users
- Easy Digital Downloads
- User actionable : once a user request is actioned by the site admin, an email is sent to the user which acts as a trigger for the Export / Delete action, to be completed by the user.
- Action logging : all activity including user and admin actions are logged for audit purposes. The audit data is stored indefinitely on the GDM remote storage for retrieval as required. The GDM remote storage does not record any Personal Identifiable Information (PII) as per GDPR/CCPA/LGPD guidelines.
- Remote Backup : in case of data roll-back (restoring database from a previous version) avoid having to request users complete the process again. GDM does this automatically.
- Customization : real-time editor for customization of template views
- Export : option of 3 exports formats CSV, JSON & XML
- Database Overview : understand your database as per GDPR regulations i.e. see where personally identifying information (PII) data exists on your database
- WP Multilingual : compatible
- French (FR)
- German (DE)
- Danish (DK)
- Italian (IT)
- Spanish (ES)
- User initiation of data requests
- Expansion of Database Overview
- WP eCommerce (Support)
- Ecwid Ecommerce (Support)
- WP EasyCart (Support)
- Translations: Portuguese (PT) / Brazil (BR), Dutch (NL)
How-to guide outlining how to delete user data from your site – GDPR/CCPA/LGPD “Right to Erasure” requests
How to export user data
To install this plugin:
- Upload the entire ‘seahorse-gdpr-data-manager’ folder to the ‘/wp-content/plugins/’ directory
- Activate the plugin through the ‘Plugins’ menu in WordPress
What makes this different to the native WordPress Erase / Delete Data feature?
GDM does not put the responsibility on the webmaster to securely generate and send requested data. No user data is sent over email, instead a secure link is emailed to the requestor which expires once activated or after 24 hours of inactivity. Requestors must complete the actions themselves ensuring that no export data is left accessible on webmasters machines in line with GDPR/CCPA/LGPD compliance.
What happens if I roll-back my database and user data which has been deleted is returned?
GDM stores activity remotely so in the event of a roll-back, the plugin will compare remote activity with local data to sync any changes. Users will not have to go through the verification process again. Data controllers can re-run the already verified actions
What if I have a Right to Forget request from a WooCommerce Guest user?
GDM can isolate WooCommerce guest data in the same way as regular user data. If the request is for data deletion, GDM only deletes the user data leaving system data intact for future reporting etc. as per data protection guidelines.
How is contributed content handled in cases of data deletion requests?
A distinction is made by GDM between contributed ‘content’ and ‘content attributes’ so in the case of posts, a deletion request will lead to the post being assigned to the deleted user as author (so no associated PII data) but the contributed content Title and Body text will remain.
If a user requests their data to be deleted, what happens to posts etc. that they have contributed?
The content (body, title etc.) remains in place – only the associated PII (author detail etc.) is removed.
If a user deletes their data, will my eCommerce reports be effected?
GDM maintains all operational data after a user deletion including some high level data (e.g. high level location data of customer etc.) so reporting is uneffected. All eCommerce order data persists – only user PII is removed.
Contributors and Developers
“GDPR Data Manager” is open source software. The following people have contributed to this plugin.Contributors
- updates related to LGPD
- language updates related to CCPA
- change of domain
- multilingual compatibility added IT / ES
- multilingual compatibility added FR / DE / DK
- added warning for users regarding pending orders (wc/edd). Further advancement of multilingual
- licence type handling upgraded & help and support content
- minor release: patch for EDD Guest user data
- Support for Easy Digital Downloads added
- v1.0 of the ‘Your Database’ section
- fix’s applied to external links and updates to free trial period
- updates to system licensing method inc. UX edits
- compatibility issue for PHP 7.1+ bug fix
- Edits to user email text content
- Expansion of disaster sync functionality and addition of free features (template views)
- WC Guest deletion patched and post content deletion bug fix
- updates to handling of disaster record syncing and delete data process
- update to naming conventions as per WP guidelines
- Fix – zip installation process error