Support » Fixing WordPress » GDPR – Export Personal Data

  • Andrei

    (@andrei0luca)


    Hi guys,

    A question regarding the Export Personal Data tool.

    If my understanding is correct, a logged in user can access his personal data by contacting the website admin and waiting for an email response. I may be wrong, but this approach is not very user-friendly and puts an unnecessary load on the admin (especially on big user databases).

    Is there a way to make this process automatically for logged in users? Export / download Personal Data instead of waiting for the admin do it manually? A logged in user is already authenticated so there should be no security, privacy issues.

    Cheers,
    Andrei

Viewing 3 replies - 1 through 3 (of 3 total)
  • Hi!

    I do see your point but let’s say for the sake of argument that:

    Case 1: the logged in user doesn’t actually have access to ‘all’ of his data so this might count as an extra measure and prevent a false login on getting all the data. The ‘fraud’ loged in user might see part of the data ( whatever the Admin has decided to be on a profile page lets say ) but there’s no ‘export’ of everything ( far fetched I know but happens 🙂 ). By giving him an automated option then you’re freelly handing everything over. Plus some might want 2-3 steps for verification before a download ( even if logged in ).

    Case 2: let’s take under consideration that not all servers are equal so an automated process might be a bit clunky on a server that doesn’t have resources to handle multiple exports etc and even end up making more bad than good at the end. This was actually 1 of the case it was decided to not be automated.

    It is still a valid point though and it seems that an automated way could be helpful on some situations as well. But it should have an ‘on/off’ switch in my opinion so both ways ( automated or not ) can be decided by any given Admin ( even though I’m in favor of the manual only hehe ).

    Moderator Steve Stern

    (@sterndata)

    Support Team Volunteer

    Please see https://core.trac.wordpress.org/ticket/44186

    It sounds like the direction is that this should be a plugin, rather than core functionality.

    Andrei

    (@andrei0luca)

    Hi @xkon

    You have a good point, an automated download could be a security issue.

    But an automated export via email (with an on/off switch, indeed) would provide great value to:
    1) the User with instant access to his data
    2) the Admin that would not have to do a repetitive, constant action
    3) the GDPR compliance, preventing cases when the Admin fails (for any reason) to reply to requests

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘GDPR – Export Personal Data’ is closed to new replies.