Name: DivertDigital GDPR
Author: zeddivert

Back to plugins

Homepage WordPress

Actions

Download Author page See on WordPress

Plugin info

Total downloads: 1,354

Active installs: 10

Total reviews: 0

Average rating: 0

Support threads opened: 0

Support threads resolved: 0 (0%)

Available in: 1 language(s)

Contributors: 1

Last updated: 5/15/2018 (2834 days ago)

Added to WordPress: 3/28/2018 (7 years old)

Minimum WordPress version: 4.0

Tested up to WordPress version: 4.9.26

Minimum PHP version: 5.3

Maintenance & Compatibility

Maintenance score

Possibly abandoned • Last updated 2834 days ago

20/100

Is DivertDigital GDPR abandoned?

Possibly abandoned (last update 2834 days ago).

Compatibility

Requires WordPress: 4.0

Tested up to: 4.9.26

Requires PHP: 5.3

Ratings

0 See all reviews

Developers

zeddivert (Owner)1

Languages

Similar & Alternatives

Explore plugins with similar tags, and compare key metrics like downloads, ratings, updates, support, and WP/PHP compatibility.

No similar plugins found yet.

See more alternatives to DivertDigital GDPR

Description

With upcoming General Data Protection Regulation (GDPR) websites have requirements to protect personal data of their users.
This plugin offers following:

Pseudonimization of user private data (including WooCommerce if installed)
Newsletter consent trail
Download all user data
Forgetting user personal data

This plugin is considered in BETA stage due to lack of testing. Please BACKUP your site befor usage.
Please read the Installation section and report your plugin issues to [email protected].
To hire our agency to help you with site rebranding/development or other GDPR requirements please contact us through our site https://www.divertdigital.com or email [email protected] directly.

Pseudonimization

Pseudonimization is process of encrypting sensitive data with encryption algorithm to prevent access to that information by unauthorised users. We are using ChaCha20-Poly1305 to encrypt data to allow for better compatibility for older Word Press sites. Unfortunately AES requires PHP 7.1 which is not present at many hosts.

After checking the encrypt option in settings for each user is generated key in wp-content/enc_keys. This is explained more in the FAQ section. All personal data for the user and WooCommerce will be encrypted and decrypted automatically so no visible change should be identified.

Article 25 EU GDPR “Data protection by design and by default”
Article 32 EU GDPR “Security of processing”

Newsletter consent trail

Consent trail is required to demonstrate that user has consented to processing of personal data. This part of plugin allows easy consent trail generation as PDF files in wp-content/newsletter_consents by doing predefined actions. Plugin handles cases of when subscribe is pending (user needs to confirm email) and when subscription is confirmed. See the Newsletter consent for configuration

Article 7 EU GDPR “Conditions for consent”

Download all personal data

This is required functionality to allow user access to all of his personal data. This is represented as a button in a profile area once enabled.

Article 15 EU GDPR “Right of access by the data subject”
Article 20 EU GDPR “Right to data portability”

Forgetting user personal data

Users need the ability to remove all personally identifiable data from the website. All personal data is set to N\A (Not Available). Users can access this functionality through the button on profile area, while admins have that option as bulk action. This GDPR requirement has very big implications as the data has to be removed even from the backups! More info in FAQ section.

Article 17 EU GDPR “Right to erasure (‘right to be forgotten’)”

User data downloading

Plugin by default downloads WordPress data and WooCommerce private data. You can add additional data to json array by running an action.

function yourFunctionName(&$data){
    // Gather your data for current user
    $userData = array(
        'some_sample_data' => 'This is probably retrieved from database',
        'some_other_data' => 'Some other data you offer in download.',
        'notice_for_devs' => 'Please be sure to get all user data in your system'
    );
    $data['custom_user_data'] = $userData;
} add_action('dd_gdpr_userdata_additional', 'yourFunctionName');Newsletter Consent InstallationTo enable newsletter consent PDF creation modify the code in you plugin or theme functions.php to include calls to action

do_action('dd_gdpr_newsletter_subscribe_pending', $email_address, (new \DateTime())->format('Y-m-d H:i:s'), $ip);
do_action('dd_gdpr_newsletter_subscribe_confirmed', $email, $firedAt, $ip);

Our example below which integrates MailChimp for WordPress and uses Mail Chimp Webhook to confirm registration

function init(){
    add_action('mc4wp_form_subscribed', [$this, 'newsletter_subscribed'], 10, 4);
    add_action('parse_request', [$this, 'parse_mailchimp_webhook']);
}

function newsletter_subscribed($form, $email_address, $data, $map) {
    // Create PDF for consent proving
    $status = $map[array_keys($map)[0]]->status;
    $ip = $map[array_keys($map)[0]]->ip_signup;
    if ($status === 'pending') {
        do_action('dd_gdpr_newsletter_subscribe_pending', $email_address, (new \DateTime())->format('Y-m-d H:i:s'), $ip);
    } else if ($status === 'subscribed') {
        do_action('dd_gdpr_newsletter_subscribe_confirmed', $email_address, (new \DateTime())->format('Y-m-d H:i:s'), $ip);
    }
}

function parse_mailchimp_webhook() {
    if($_SERVER['REQUEST_URI'] != '/mailchimp_webhook') {
        return;
    }

    $type = $_POST['type'];
    if ($type != 'subscribe') {
        return;
    }
    $firedAt = $_POST['fired_at'];
    $email = $_POST['data']['email'];
    $ip = $_POST['data']['ip_signup'];
    do_action('dd_gdpr_newsletter_subscribe_confirmed', $email, $firedAt, $ip);
    exit();
}

Installation

Upload the plugin files to the /wp-content/plugins/ directory, or install the plugin through the WordPress plugins screen directly.
Activate the plugin through the ‘Plugins’ screen in WordPress
Use the Settings->GDPR screen to configure the plugin
Modify permisions for /wp-content/newsletter_consents and /wp-content/enc_keys to be writtable by the web server user

Frequently Asked Questions

Installation Instructions

Upload the plugin files to the /wp-content/plugins/ directory, or install the plugin through the WordPress plugins screen directly.
Activate the plugin through the ‘Plugins’ screen in WordPress
Use the Settings->GDPR screen to configure the plugin
Modify permisions for /wp-content/newsletter_consents and /wp-content/enc_keys to be writtable by the web server user

Why store encryption key as file?

GDPR Article 17 requires that all data be removed, even from backups. If SQL file backups contain the key in database, private information is accessible by just restoring that data. When using encryption as key personal data in the SQL file backups are not readable without it. When removing the user or forgetting his data, removal of the key file makes the data in backups void (unable to be read as we dont have key anymore). Our recommendation is to configure backup system to exclude the keys in regular backups and just synchronize the keys with rsync on the backup server with option to match delete actions in keys folder. Also it improves security by requiring potential hacker to have access to both database and filesystem.

Review feed

No reviews available

Screenshots

Settings screen

Changelog

1.0.4

Added checks for required folders before enabling encryption

1.0.3

Added check to generateKeys

1.0.2

Fixed required PHP and WordPress version. Added image assets.

1.0.1

Fixed install instructions

1.0

Code reorganisation and better compatibility

0.9

First public release

Back to plugins