Support » Plugin: Simple History » GDPR Compliance

  • Resolved MNX

    (@mononox)


    Hi,

    Do you think you’d be willing/able to make this plugin fully GDPR compliant? For this, it would require a setting to allow anonymising all collected IP addresses.

    I know, it’s a bit of a pain but unfortunately quite inevitable soon.

    Best regards,
    Sven

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author Pär Thernström

    (@eskapism)

    Hi!

    I’m still reading up on the GDPR-thingie and I’m not sure yet how to act in all areas.

    Regarding the IP address I’m currently thinking of anonymize the IP address, so you could still get some info about it, like general location.

    Even after dealing with the IP address there is till the issue that the plugin do log a lot of things that is “personal data”, i.e. information relating to an identified or identifiable natural person. Like usernames and emails. So not quite sure yet how to handle all this.

    If you have ideas or suggestions please let me know!

    • This reply was modified 1 year, 5 months ago by  .

    I’m not a lawyer but from what I’ve learned it’s not too hard to achieve compliance (or avoid needing it). The most important steps to avoid getting sucked into the “GDPR machine” in the first place are:

    – Make sure no personal data ever leaves the system.
    – Anonymize IP’s before processing/storing them (at least for unregistered users).
    – Provide a data retention rule (auto-delete all of this data).
    – Provide a way to search/delete/correct personal data.

    Since this plugin works in the interest of site security, it is okay to handle personal data temporarily, as long as it’s mentioned in the privacy policy of that site and automatically gets deleted when not needed anymore. All users will have to give consent to this procedure when signing up to the website that’s using your plugin.

    So, as long as you don’t collect any of that data yourself, this GDPR thing is pretty much out of your hair.

    You could provide a list of data that may be used and explain in layman’s terms how it’s used and secured from unauthorized view so people can use that bit in their own site’s privacy policy.

    Example:

    This website uses Simple History, a security log and website change verification tool that helps us to identify (un)authorized changes made to this website. This tool may store site user’s personal data in a temporary log, for inspection by authorized staff only.

    Data used:

    • Anonymized IP address
    • Site username
    • Email address

    This data will automatically be deleted after x days.
    It will never be shared it with any third party.

    This is a bit too basic but you get the idea. It’s the site developer’s responsibility to make sure all the tools used are compliant and you can best assist them in making that information easily accessible.

    Note: I don’t think the feed feature is GDPR compliant (no authentication to protect the data from view), adding a note to the settings page should be all it needs though.

    Again, I’m not a lawyer, it’s just a couple of recommendations to get you going.

    Following this…

    following this…

    Me too…

    Plugin Author Pär Thernström

    (@eskapism)

    In version 2.22 IP addresses are anonymized by default.

    WP 4.9.6 was also just released with some privacy/GDPR related functions. I’ll try to update my plugin with the recommended actions they outline here:

    WP 4.9.6, Privacy, Hooks, and You

    Please let me know if there is anything more you need. As many other developers and users out there, I’m not a lawyer. But together we may come up with the best practice and solutions 🙂

    Hi, thanks for all your work. The update works just fine!

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘GDPR Compliance’ is closed to new replies.