Support » Plugin: The GDPR Framework By Data443 » No Data available despite showing Consent

  • Resolved mrerus

    (@mrerus)


    I setup a Contact Form 7 form with no issues, it all worked great. When I first tried the Privacy Tools page to get access to data (visitor) it worked as expected, I could see the data, consent and was able to delete it.
    However, I have since tested the form using the same email address I used the first time and its not working correctly. When I use Privacy Tools page I get an email saying there is no data, when I search for that email address in the ‘Data Subjects’ tab, it shows ‘No data found’ but does actually show ‘Consents given:’ ‘Contact Form Data Consent’ so something appears to not be quite correct.

    I intend to do more tests to see if this is related to using the same email more than once, or a seemingly random bug.

    I fully appreciate the enormous effort that you’ve made so far and I would sincerely like to thank your team.

    UPDATE: Tried using a different email address and its not working at all now (even on first attempt), still no data stored, but consent given.
    Further testing has revealed that it only currently works with registered users and does not work with Visitors.

    • This topic was modified 1 year, 4 months ago by  mrerus.
    • This topic was modified 1 year, 4 months ago by  mrerus.
    • This topic was modified 1 year, 4 months ago by  mrerus.
Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author indrek_k

    (@indrek_k)

    Hi there!

    Thanks for the bug report!

    The problem here is that the plugin currently doesn’t consider the consent log to be part of personal data gathered, but that seems wrong.

    I will discuss the implications of this with Maarja, the lawyer and figure out a solution.

    I just noticed the very same issue. No data saved, but consent shown when the email is searched.

    I’m following along for a solution.

    Thank you.

    The only way the data is stored is to create a user everytime someone send a message through the contact form (Contact Form 7). I used the Frontend registration plugin and everything works like a charm. Of course you need also Flamingo.

    Plugin Author indrek_k

    (@indrek_k)

    > The only way the data is stored is to create a user everytime someone send a message through the contact form (Contact Form 7).

    Technically no – you may still be storing data even if the user doesn’t have an account. And the Privacy Tools page should work for visitors without accounts as well.

    I think we’ll just add the consent log to visitor data, I don’t think there’s a problem with that. This will most likely happen next week.

    Thanks for all the responses to this post.

    For clarification purposes am I correct in thinking that that site ‘Visitors’ will have no way request removal of the data (data may not be stored on the website itself but in my case sent to an external email service directly from the Contact Form) or consent prior to the GDPR go live?

    I like many have found very contradictory information with regards to GDPR but personally intend to perhaps adopt the safest stance and assume the worst, overdo it rather than under.

    Generally, as the plugin doesn’t work for ‘Visitors’ at this time do you think a simple Form for requesting ‘Data Deletion’ and/or ‘Remove Consent’ would be sufficient (I’d just need to delete the associated entries from the db table manually), my concern with this is that anyone can submit a request without checking if they the real users (probably ok short term?).
    Alternatively, I could force create a user when Contact Forms are submitted, but I’d rather not take that approach if possible.

    Any thoughts?

    Kindest regards,
    Mark.

    • This reply was modified 1 year, 4 months ago by  mrerus.
    • This reply was modified 1 year, 4 months ago by  mrerus.
    Plugin Author indrek_k

    (@indrek_k)

    @mrerus – regarding your comment:

    > For clarification purposes am I correct in thinking that that site ‘Visitors’ will have no way request removal of the data (data may not be stored on the website itself but in my case sent to an external email service directly from the Contact Form) or consent prior to the GDPR go live?
    Not entirely. The goal is that visitors should be able to download or remove their data as well as withdraw consents even if they don’t have accounts. We do have this working properly in the plugin right now, but data removal and export depends on which data you’re storing and how. Since CF7 sends form entries to your email by default and doesn’t store anything, then obviously we cannot automate this in any way. At the moment, the only problem is that consents are not considered ‘personal data’ by the plugin so if the visitor has only given a consent to something but no other data is stored, the plugin will think that no data is stored at all. This will be fixed very soon.

    However, I’ve just released the beta version of Flamingo support, which I recommend using instead of storing the data in your inbox anyway. You can use it as a workaround to the consents problem as well.

    Regarding Flamingo: I would really appreciate if you had time to test this – I literally don’t have enough hours in the day to test this properly myself 🙂

    The link is here: https://www.dropbox.com/s/j40hz097ah89pmc/gdpr-framework-1.0.9-RC1.zip?dl=0

    If both CF7 and Flamingo are installed, then a new tab is added to each form’s settings. You’ll need to enable the plugin for each form separately as well as enter the tag name for data subject’s email, like so: https://www.dropbox.com/s/p6cocrtd3hv99zl/gdpr-framework-1.0.9-screenshot.PNG?dl=0

    Looking forward to all feedback!

    @indrek_k

    That’s great many thanks for the reply.

    I’ve tested your 1.0.9-RC1 version with Flamingo and it appears to work great, brilliant!. One minor bug I found was that if you use an Alias style email address i.e. ‘joe+bloggs@gmail.com’ then it can’t be found using the ‘Find data subject by email’ as the ‘+’ becomes a ‘ ‘ hence no data found despite it existing, I know this is a very minor/unlikely issue but I thought it worthy of mention.

    A quick question: What is the purpose of the ability to withdraw only ‘Consent’? At the present time consent can be withdrawn but the data will remain unless the user specifically selects ‘Delete Data’. I’d assume if ‘Consent’ is withdraw then their data should also removed? (It’s highly likely that I’ve misunderstood something but I’ll ask anyways).
    UPDATE: I’d guess consent withdrawal is useful/required for those with more than one ‘Consent type’ (I.e. Subscriptions/Marketing opt-in/opt-out etc.) but if Consent is withdrawn from a ‘consent type’ that’s associated with data such as a Contact Form submission then in my mind the data should also be deleted.

    I’m more than happy to test any other releases (I’m about the next couple of days so plenty of time for testing if required.

    Huge thanks for all your efforts thus far, greatly appreciated.
    Regards,

    Mark.

    • This reply was modified 1 year, 4 months ago by  mrerus.
    • This reply was modified 1 year, 4 months ago by  mrerus.
    Plugin Author indrek_k

    (@indrek_k)

    > I’ve tested your 1.0.9-RC1 version with Flamingo and it appears to work great, brilliant!. One minor bug I found was that if you use an Alias style email address i.e. ‘joe+bloggs@gmail.com’ then it can’t be found using the ‘Find data subject by email’ as the ‘+’ becomes a ‘ ‘ hence no data found despite it existing, I know this is a very minor/unlikely issue but I thought it worthy of mention.

    Thanks, this is a great observation. I’ll add a fix in the todo list.

    > I’d guess consent withdrawal is useful/required for those with more than one ‘Consent type’ (I.e. Subscriptions/Marketing opt-in/opt-out etc.) but if Consent is withdrawn from a ‘consent type’ that’s associated with data such as a Contact Form submission then in my mind the data should also be deleted.

    You are completely right. However, this is something that’s so different for each plugin and website that we can’t provide anything other than development tools to build out those parts easily. At least right now. If you have any common use cases in mind, do let me know.

    Will mark this thread as resolved. But if you have any other issues or questions, let me know!

    Hello,
    I tried what you suggest here (I have both CF7 and Flamingo)
    https://www.dropbox.com/s/p6cocrtd3hv99zl/gdpr-framework-1.0.9-screenshot.PNG?dl=0

    But I still have no data stored. I can only track consents but when I ask for data subjects I get this message:

    Results for: “EMAIL ADDRESS”

    No data found!
    Consents given
    ✔ I agree to the terms of the Privacy Policy
    ✔ I accept the Terms & Conditions

    Am I doing anything wrong?
    Thanks

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘No Data available despite showing Consent’ is closed to new replies.