I’m still reading up on the GDPR-thingie and I’m not sure yet how to act in all areas.
Regarding the IP address, I’m currently thinking of anonymizing the IP address, so you could still get some info about it, like general location.
Even after dealing with the IP address there is still the issue that the plugin does log a lot of things that are “personal data”, i.e. information relating to an identified or identifiable natural person. Like usernames and emails. So not quite sure yet how to handle all this.
If you have ideas or suggestions please let me know!
This reply was modified 4 years, 10 months ago by eskapism.
I’m not a lawyer but from what I’ve learned it’s not too hard to achieve compliance (or avoid needing it). The most important steps to avoid getting sucked into the “GDPR machine” in the first place are:
– Make sure no personal data ever leaves the system.
– Anonymize IPs before processing/storing them (at least for unregistered users).
– Provide a data retention rule (auto-delete all of this data).
– Provide a way to search/delete/correct personal data.
So, as long as you don’t collect any of that data yourself, this GDPR thing is pretty much out of your hair.
This website uses Simple History, a security log and website change verification tool that helps us to identify (un)authorized changes made to this website. This tool may store site users’ personal data in a temporary log, for inspection by authorized staff only.
- Anonymized IP address
- Site username
- Email address
This data will automatically be deleted after x days.
It will never be shared with any third party.
This is a bit too basic but you get the idea. It’s the site developer’s responsibility to make sure all the tools used are compliant and you can best assist them in making that information easily accessible.
Note: I don’t think the feed feature is GDPR compliant (no authentication to protect the data from view), adding a note to the settings page should be all it needs though.
Again, I’m not a lawyer, it’s just a couple of recommendations to get you going.
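An added example, not part of the thread and not Simple History's own code: one way to apply two of the measures listed above, truncating IP addresses before they are stored and deleting log rows past a retention period. The function names, the /24 and /48 mask widths, the 60-day window and the sample rows are assumptions.

```php
<?php
// Added example; not Simple History's code. Names, mask widths and
// sample rows are assumptions made for illustration.

// Truncate an address so it points at a network, not a single host.
function anonymize_ip(string $ip, int $v4_bits = 24, int $v6_bits = 48): string
{
    $packed = @inet_pton(trim($ip));
    if ($packed === false) {
        return '0.0.0.0'; // never store unparseable input verbatim
    }
    // IPv4-mapped IPv6 (::ffff:a.b.c.d) carries an IPv4 address: unwrap it
    // so the IPv4 mask applies instead of the wider IPv6 one.
    if (strlen($packed) === 16 && substr($packed, 0, 12) === str_repeat("\0", 10) . "\xff\xff") {
        $packed = substr($packed, 12);
    }
    $bits = strlen($packed) === 4 ? $v4_bits : $v6_bits;
    $mask = '';
    for ($i = 0; $i < strlen($packed); $i++) {
        $keep = max(0, min(8, $bits - 8 * $i)); // bits kept in byte $i
        $mask .= chr((0xff << (8 - $keep)) & 0xff);
    }
    return inet_ntop($packed & $mask); // byte-wise AND on binary strings
}

// Retention rule: keep only rows newer than $days, measured from $now.
function purge_expired(array $rows, int $days, int $now): array
{
    $cutoff = $now - $days * 86400;
    return array_values(array_filter($rows, function (array $row) use ($cutoff) {
        return $row['ts'] >= $cutoff;
    }));
}

// Constructed sample log rows (documentation address ranges).
$now  = strtotime('2018-05-25 00:00:00 UTC');
$rows = [
    ['ts' => $now - 3 * 86400,  'ip' => '203.0.113.77'],
    ['ts' => $now - 10 * 86400, 'ip' => '2001:db8:1234:5678:9abc:def0:1:2'],
    ['ts' => $now - 20 * 86400, 'ip' => '::ffff:198.51.100.9'],
    ['ts' => $now - 90 * 86400, 'ip' => '192.0.2.200'], // past retention
    ['ts' => $now - 1 * 86400,  'ip' => 'not-an-ip'],
];

// Apply a 60-day retention window, then show what would be stored per row.
foreach (purge_expired($rows, 60, $now) as $row) {
    printf("%s  %-34s -> %s\n", gmdate('Y-m-d', $row['ts']), $row['ip'], anonymize_ip($row['ip']));
}
```

Truncation has to happen before the row is written; masking only at display time leaves the full address in the database and in backups.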
In version 2.22 IP addresses are anonymized by default.
WP 4.9.6 was also just released with some privacy/GDPR related functions. I’ll try to update my plugin with the recommended actions they outline here:
WP 4.9.6, Privacy, Hooks, and You
Please let me know if there is anything more you need. Like many other developers and users out there, I’m not a lawyer. But together we may come up with the best practice and solutions 🙂
Hi, thanks for all your work. The update works just fine!