{"id":83361,"date":"2018-03-28T11:32:16","date_gmt":"2018-03-28T11:32:16","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/divertdigital-gdpr\/"},"modified":"2018-05-15T08:58:55","modified_gmt":"2018-05-15T08:58:55","slug":"divertdigital-gdpr","status":"closed","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/divertdigital-gdpr\/","author":16038574,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0.4","stable_tag":"1.0.4","tested":"4.9.29","requires":"4.0","requires_php":"5.3","requires_plugins":"","header_name":"DivertDigital GDPR","header_author":"Divert Digital Ltd","header_description":"This plugin helps with upcoming General Data Protection Regulation (GDPR) by enabling pseudonimization of personal data and storing the newsletter subscription consent. WooCommerce compatible.","assets_banners_color":"000000","last_updated":"2018-05-15 08:58:55","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/www.divertdigital.com\/wordpress-gdpr-plugin","header_author_uri":"https:\/\/www.divertdigital.com\/","rating":0,"author_block_rating":0,"active_installs":10,"downloads":1519,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":[],"upgrade_notice":[],"ratings":{"1":0,"2":0,"3":0,"4":0,"5":0},"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":"1848501","resolution":"128x128","location":"assets"},"icon-256x256.png":{"filename":"icon-256x256.png","revision":"1848501","resolution":"256x256","location":"assets"}},"assets_banners":{"banner-772x250.png":{"filename":"banner-772x250.png","revision":"1848501","resolution":"772x250","location":"assets"}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0","1.0.1","1.0.2","1.0.3","1.0.4"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":"1848501","resolution":"1","location":"assets"}},"screenshots":{"1":"Settings screen"}},"plugin_section":[],"plugin_tags":[131785,154919],"plugin_category":[],"plugin_contributors":[154920],"plugin_business_model":[],"class_list":["post-83361","plugin","type-plugin","status-closed","hentry","plugin_tags-gdpr","plugin_tags-pseudonimization","plugin_contributors-zeddivert","plugin_committers-zeddivert"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/divertdigital-gdpr_000000.svg","icon_2x":false,"generated":true},"screenshots":[{"src":"https:\/\/ps.w.org\/divertdigital-gdpr\/assets\/screenshot-1.png?rev=1848501","caption":"Settings screen"}],"raw_content":"\n

With upcoming General Data Protection Regulation (GDPR) websites have requirements to protect personal data of their users.\nThis plugin offers following:<\/p>\n\n

    \n
  1. Pseudonimization of user private data (including WooCommerce if installed)<\/li>\n
  2. Newsletter consent trail<\/li>\n
  3. Download all user data<\/li>\n
  4. Forgetting user personal data<\/li>\n<\/ol>\n\n

    This plugin is considered in BETA stage due to lack of testing. Please BACKUP your site befor usage.\nPlease read the Installation section and report your plugin issues to zed@divertdigital.com.\nTo hire our agency to help you with site rebranding\/development or other GDPR requirements please contact us through our site https:\/\/www.divertdigital.com or email tristan@divertdigital.com directly.<\/em><\/p>\n\n

    Pseudonimization<\/h3>\n\n

    Pseudonimization is process of encrypting sensitive data with encryption algorithm to prevent access to that information by unauthorised users. We are using ChaCha20-Poly1305 to encrypt data to allow for better compatibility for older Word Press sites. Unfortunately AES requires PHP 7.1 which is not present at many hosts.<\/p>\n\n

    After checking the encrypt option in settings for each user is generated key in wp-content\/enc_keys. This is explained more in the FAQ section. All personal data for the user and WooCommerce will be encrypted and decrypted automatically so no visible change should be identified.<\/p>\n\n

    Article 25 EU GDPR \"Data protection by design and by default\"<\/a>\nArticle 32 EU GDPR \"Security of processing\"<\/a><\/p>\n\n

    Newsletter consent trail<\/h3>\n\n

    Consent trail is required to demonstrate<\/strong> that user has consented to processing of personal data. This part of plugin allows easy consent trail generation as PDF files in wp-content\/newsletter_consents by doing predefined actions. Plugin handles cases of when subscribe is pending (user needs to confirm email) and when subscription is confirmed. See the Newsletter consent for configuration<\/p>\n\n

    Article 7 EU GDPR \"Conditions for consent\"<\/a><\/p>\n\n

    Download all personal data<\/h3>\n\n

    This is required functionality to allow user access to all of his personal data. This is represented as a button in a profile area once enabled.<\/p>\n\n

    Article 15 EU GDPR \"Right of access by the data subject\"<\/a>\nArticle 20 EU GDPR \"Right to data portability\"<\/a><\/p>\n\n

    Forgetting user personal data<\/h3>\n\n

    Users need the ability to remove all personally identifiable data from the website. All personal data is set to N\\A (Not Available). Users can access this functionality through the button on profile area, while admins have that option as bulk action. This GDPR requirement has very big implications as the data has to be removed even from the backups! More info in FAQ section.<\/p>\n\n

    Article 17 EU GDPR \"Right to erasure ('right to be forgotten')\"<\/a><\/p>\n\n

    User data downloading<\/h3>\n\n

    Plugin by default downloads WordPress data and WooCommerce private data. You can add additional data to json array by running an action.<\/p>\n\n

    function yourFunctionName(&$data){\n    \/\/ Gather your data for current user\n    $userData = array(\n        'some_sample_data' => 'This is probably retrieved from database',\n        'some_other_data' => 'Some other data you offer in download.',\n        'notice_for_devs' => 'Please be sure to get all user data in your system'\n    );\n    $data['custom_user_data'] = $userData;\n} add_action('dd_gdpr_userdata_additional', 'yourFunctionName');<h3>Newsletter Consent Installation<\/h3>To enable newsletter consent PDF creation modify the code in you plugin or theme functions.php to include calls to action\n\ndo_action('dd_gdpr_newsletter_subscribe_pending', $email_address, (new \\DateTime())->format('Y-m-d H:i:s'), $ip);\ndo_action('dd_gdpr_newsletter_subscribe_confirmed', $email, $firedAt, $ip);\n<\/code><\/pre>\n\n
    Our example below which integrates MailChimp for WordPress and uses Mail Chimp Webhook to confirm registration<\/p>\n\n
    function init(){\n    add_action('mc4wp_form_subscribed', [$this, 'newsletter_subscribed'], 10, 4);\n    add_action('parse_request', [$this, 'parse_mailchimp_webhook']);\n}\n\nfunction newsletter_subscribed($form, $email_address, $data, $map) {\n    \/\/ Create PDF for consent proving\n    $status = $map[array_keys($map)[0]]->status;\n    $ip = $map[array_keys($map)[0]]->ip_signup;\n    if ($status === 'pending') {\n        do_action('dd_gdpr_newsletter_subscribe_pending', $email_address, (new \\DateTime())->format('Y-m-d H:i:s'), $ip);\n    } else if ($status === 'subscribed') {\n        do_action('dd_gdpr_newsletter_subscribe_confirmed', $email_address, (new \\DateTime())->format('Y-m-d H:i:s'), $ip);\n    }\n}\n\nfunction parse_mailchimp_webhook() {\n    if($_SERVER['REQUEST_URI'] != '\/mailchimp_webhook') {\n        return;\n    }\n\n    $type = $_POST['type'];\n    if ($type != 'subscribe') {\n        return;\n    }\n    $firedAt = $_POST['fired_at'];\n    $email = $_POST['data']['email'];\n    $ip = $_POST['data']['ip_signup'];\n    do_action('dd_gdpr_newsletter_subscribe_confirmed', $email, $firedAt, $ip);\n    exit();\n}\n<\/code><\/pre>\n\n\n
      \n
    1. Upload the plugin files to the \/wp-content\/plugins\/<\/code> directory, or install the plugin through the WordPress plugins screen directly.<\/li>\n
    2. Activate the plugin through the 'Plugins' screen in WordPress<\/li>\n
    3. Use the Settings->GDPR screen to configure the plugin<\/li>\n
    4. Modify permisions for \/wp-content\/newsletter_consents and \/wp-content\/enc_keys to be writtable by the web server user<\/li>\n<\/ol>\n\n\n
      \n
      Installation Instructions<\/dt>\n
        \n
      1. Upload the plugin files to the \/wp-content\/plugins\/<\/code> directory, or install the plugin through the WordPress plugins screen directly.<\/li>\n
      2. Activate the plugin through the 'Plugins' screen in WordPress<\/li>\n
      3. Use the Settings->GDPR screen to configure the plugin<\/li>\n
      4. Modify permisions for \/wp-content\/newsletter_consents and \/wp-content\/enc_keys to be writtable by the web server user<\/li>\n<\/ol><\/dd>\n
        Why store encryption key as file?<\/dt>\n
        GDPR Article 17 requires that all data be removed, even from backups. If SQL file backups contain the key in database, private information is accessible by just restoring that data. When using encryption as key personal data in the SQL file backups are not readable without it. When removing the user or forgetting his data, removal of the key file makes the data in backups void (unable to be read as we dont have key anymore). Our recommendation is to configure backup system to exclude the keys in regular backups and just synchronize the keys with rsync on the backup server with option to match delete actions in keys folder. Also it improves security by requiring potential hacker to have access to both database and filesystem.<\/p><\/dd>\n\n<\/dl>\n\n\n
        1.0.4<\/h4>\n\n
          \n
        • Added checks for required folders before enabling encryption<\/li>\n<\/ul>\n\n
          1.0.3<\/h4>\n\n
            \n
          • Added check to generateKeys<\/li>\n<\/ul>\n\n
            1.0.2<\/h4>\n\n
              \n
            • Fixed required PHP and WordPress version. Added image assets.<\/li>\n<\/ul>\n\n
              1.0.1<\/h4>\n\n
                \n
              • Fixed install instructions<\/li>\n<\/ul>\n\n
                1.0<\/h4>\n\n
                  \n
                • Code reorganisation and better compatibility<\/li>\n<\/ul>\n\n
                  0.9<\/h4>\n\n
                    \n
                  • First public release<\/li>\n<\/ul>","raw_excerpt":"This plugin helps with upcoming General Data Protection Regulation (GDPR) by enabling pseudonimization of personal data and storing the newsletter sub …","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/83361","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=83361"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/zeddivert"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=83361"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=83361"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=83361"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=83361"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=83361"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=83361"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}