Support » Plugin: WP GDPR Compliance » Re: Toremo’s Review

  • First is says “Assists” and it looks like a good plugin to ensure that people are giving you direct permission to store there data.
    No it does not (yet) have a forget me button. Would be a nice addition.

    Now to the Important stuff, be very careful who you openly attack for not being compliant with the GDPR and I suggest you actually read the document as well.
    If your privacy Policy is properly prepared and worded there is no issue in Non personal information (the type wpsmush takes, like how many images and what type and not a user of your site) being stored anywhere.
    It is absolutely impossible in 2018 not to have information flowing around the world, it’s called the Internet. The GDPR is about how and why we keep information, what we do with it and what is required of a company in the event of a breach. The What, Why and How require the person to physically agree (by clicking a button) that they have read and understood your Privacy Policy and agree to you keeping data on that person and that your website and/or business comply with the new Regulations.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Unfortunately you are complete wrong!

    1. If i.e. on a multisite or any wordpress site which uses wp_smushpro or wp_smushit or such kind of plugin an image gets processed you as a website owner are responsible that even the third party, which in that mentioned case means wpmudev or incsub the company behind it complies 100% with GDPR! If they can enusre 100% compliance well than good for those people who use their stuff, but as long as that isn’t the case you as a website owner might get in contact with Millions of fines because you use services which are not 100% compliant.

    The problem with those cloud services is that users of your site not even realize where their data gets processed – in which country and if all those incolved in the processing are 100% compliant to GDPR! smhush is here only an example like many others in the wordpress universum.

    2. You need also a technical part of a solution to make sure that people NOT start using your services if they haven’t read your terms and policies.

    You are right your documentation has to be very well prepared – that is the terms of use site
    The second would be the opt-in site, which means if we take the smush example a customer would need to get a chance to opt-in by default and not opt-out after he already got delivered or had his stuff processed by non GDPR conform services.

    I think a good rule could be to avoid everything what is based in the US or has offices there and don’t provide the same services in a GDPR safe EU location!

    1. If i.e. on a multisite or any wordpress site which uses wp_smushpro or wp_smushit or such kind of plugin an image gets processed you as a website owner are responsible that even the third party, which in that mentioned case means wpmudev or incsub the company behind it complies 100% with GDPR! If they can enusre 100% compliance well than good for those people who use their stuff, but as long as that isn’t the case you as a website owner might get in contact with Millions of fines because you use services which are not 100% compliant.

    Since WPSmush takes no personal information from any members or site users you are “Wrong” … The GDPR relates to the holding of personal information and a persons rights to know what we do with this information and there rights to ask us to remove said information in a simple transparent manor and our legal requirement in the event of a breach to inform them of said breach. We are not required to inform them of anything that does not involve there personal data and smushing images in the wp-content folder in no way breaches the GDPR as no personal information is given to the smushing server or servers regardless of there physical location.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Re: Toremo’s Review’ is closed to new replies.