GDPR

Descripción

Este plugin sirve para ayudar al controlador, al procesador de datos y al oficial de protección de datos (OPD) en sus esfuerzos de cumplir las obligaciones y derechos emanados del RGPD.

Documentación

http://gdpr-wp.com/knowledge-base/

Colaboración

Puedes enviar tus peticiones de envío a https://github.com/trewknowledge/gdpr

Shortcodes y funciones de ayuda

http://gdpr-wp.com/knowledge-base/functions-shortcodes/

Características

  • Gestión de consentimientos
  • Gestión de preferencias de privacidad para las cookies con avisos en banner e interfaz de usuario de preferencias en portada
  • Privacy Policy page configurations with version control and re-consent management
  • Rights to erasure & deletion of website data with a double opt-in confirmation email
  • Re-assignment of user data on erasure requests & pseudonymization of user website data
  • Data Processor settings and publishing of contact information
  • Right to access data by admin dashboard with email look up and export
  • Right to access data by Data Subject with front-end requests button & double opt-in confirmation email
  • Right to portability & export of data by Admin or Data Subject in XML or JSON formats
  • Encrypted audit logs for the lifetime of Data Subject compliance activity
  • Data Subject Secret Token for two-factor decryption and recovery of data
  • Data breach notification logs and batch email notifications to Data Subjects
  • Telemetry Tracker for visualizing plugins and website data

Ajustes

General

From the Settings options in the dashboard, you can select the Privacy Policy page for tracking and logging consent.

On login, the user must consent to the Privacy Policy outlined on the site. If the user does not consent, the user will not be registered or logged in.

If the site owner updates the Privacy Policy page content, the change will be logged and flagged to the admin that they must notify users on next login to seek re-consent. Additionally, the warning message can be dismissed in the event of a minor correction or mistake.

Additionally, under General Settings the Admin can set the outgoing email limitation which would set the batch notification email limit per hour in the event of a Breach Notification.

Gestión de preferencias de cookies

Similar to consent management, users can opt in or out of cookies that are being used on the site. There are 3 formats of cookies that can be created which include:

  • Siempre activas: Cookies que están siempre activas o que se requieren para que funcione el sitio.
  • Conmutador: Las cookies se pueden activar o bloquear en base a las preferencias del usuario
  • Enlace de aceptación: Las cookies que requieran configuración por parte de terceros para aceptarlas

Dependiendo del ajuste en las preferencias del usuario, puedes usar la función is_allowed_cookie( $cookie ) para guardar y definir las cookies. La cookie con las cookies aprobadas por el usuario puedes encontrarla en otra cookie llamada gdpr_approved_cookies. También hay una función de ayuda llamada is_allowed_cookie( $cookie ) que puedes usar para evitar que se aplique una cookie.

Gestión de consentimientos

Consents can be registered on the settings page. They can be optional or not. By default, this plugin comes with a Privacy Policy consent that users need to agree with on registration.

Para los consentimientos opcionales hay una función de envoltura have_consent( $consent_id ) para ayudarte a mostrar u ocultar algo en el sitio dependiendo de si el usuario dio su consentimiento o no.

Consents are logged to the user record for auditing or for access purposes.

Tabla de solicitudes y derecho a los datos

Derecho a solicitar el borrado

  1. The Data Subject is able to submit a request to be erased from the site using a shortcode.
  2. When a request is made, the Data Subject will receive an email confirmation to confirm the deletion request.

    1. After email confirmation, the user request is added to the requests table for review by the Administrator. The Administrator can also add a user manually with an email look up and review.
    2. If the Data Subject has content published on the site for any post types or comments, they will be added to this table. If they do not have any content, they will receive a confirmation of erasure request and be provided a 6 digit Token for safekeeping after erasure in case of recover data needs.
    3. The requests table allows the Administrator to reassign any content to another user or delete it.
    4. In the event of comments, the Data Subject’s content would be made anonymous.
  3. Admin can also manually add users to the erasure requests table with a manual email search

Derecho a solicitar acceso a los datos y portabilidad de datos del usuario

  1. El usuario de los datos puede enviar una solicitud para descargar sus datos con el shortcode.
  2. Después de solicitar sus datos, el usuario recibirá un correo electrónico de confirmación doble cuando el plugin genere un archivo XML o JSON, que se le enviará por correo electrónico para que lo descargue, con un tiempo de caducidad de 48 horas.

Derecho a rectificar y solicitudes de reclamaciones

  1. El usuario de los datos puede enviar una solicitud de rectificación de datos o archivar una reclamación con el shortcode.
  2. Después de hacer su solicitud, el usuario recibirá un correo electrónico de confirmación doble y luego se le añadirá a la tabla para que el administrador gestione la solicitud.

Herramientas

Acceso a los datos

The Access Data tool allows the Admin to look up a user email and view the data of a particular user. The Admin can download and export the data in a JSON or XML format and provide to the Data Subject if manually requested.

NOTE: This method should not be used without the Data Subject confirming their identity.

Registro de auditoría

Everything the Data Subject does from registration, providing consent to the privacy policy, terms of service and other requests are logged and encrypted in a database. Data breach notifications are also logged to all Data Subjects upon confirmation by Controller.

  1. Usando el correo electrónico del usuario puedes buscar y recuperar la información del usuario y mostrarla.
  2. Si los datos de usuario se han borrado del sitio se borra este registro cifrado de la base de datos y se guardar en un archivo cifrado dentro de la carpeta del plugin.

If in the future, the Data Subject makes a complaint or there is a need to recover the data, the user can provide their email address and the 6 digit token they received from the deletion confirmation email to decrypt and retrieve the file.

Brecha de datos y avisos

In case of a data breach, the Admin can generate a Data Breach Notification to users by logging the information and confirm the breach through a double opt-in confirmation email. The following information would be recorded in the audit log:

  1. Naturaleza de la brecha de datos personales
  2. Nombre y detalles de contacto del oficial de protección de datos
  3. Posibles consecuencias de la brecha de datos personales
  4. Measures were taken or proposed to be taken

Once the confirmation of the breach has been confirmed via email, the website will begin a batch email notification process to all users every hour until all users receive the notification.

Seguimiento de telemetría

The Telemetry Tracker feature will display all data that is being sent outside of your server to another destination. It will indicate the plugin or theme responsible, file and line where the data is being sent.

El núcleo de WordPress y algunos plugins obtienen datos de tu instalación y envían estos datos a un servidor externo.

El directorio de plugins de WordPress no permite a los plugins hacer eso, pero los plugins premium pueden hacerlo debido a que no están sujetos a las reglas del directorio de plugins de WordPress. Si no has aceptado explícitamente esta característica deberías reclamar.

¡Importante!

Activar este plugin no garantiza que una organización reúna completamente sus responsabilidades y obligaciones con el RGPD. Las organizaciones deberían evaluar sus responsabilidades particulares y asegurar que se tomen medidas adicionales para reunir todas las obligaciones requeridas por la ley basadas en la evaluación de impacto sobre la protección de datos (EIPD).

Capturas

  • Cookie settings page.
  • Cookie notification bar.
  • Cookie management modal.
  • Registration with consent checkboxes.
  • Gestión de consentimientos modal.
  • Privacy Policy page updated. Asking for re-consent.
  • User deletion review table.
  • Seguimiento de telemetría.
  • Muestra de registro de auditoría.

Instalación

  1. Upload the plugin to the /wp-content/plugins/ directory
  2. Activa el plugin desde el menú ‘Plugins’ de WordPress
  3. Completa todas las secciones de la página de ajustes.

Preguntas frecuentes

Instrucciones de instalación
  1. Upload the plugin to the /wp-content/plugins/ directory
  2. Activa el plugin desde el menú ‘Plugins’ de WordPress
  3. Completa todas las secciones de la página de ajustes.
¿Qué es el RGPD?

This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.

This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.

The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data.

How do Businesses benefit from GDPR?
  • Build stronger customer relationships and trust
  • Improve the brand image of the organization and its brand reputation
  • Improve the governance and responsibility of data
  • Enhance the security and commitment to the privacy of the brand
  • Create value-added competitive advantages
¿Cuándo estará en vigor el RGPD?

Será obligatorio el 25 de mayo de 2018.

¿A quién afecta el RGPD?

The GDPR applies to all EU organisations – whether commercial business, charity or public authority – that collect, store or process EU residents’ personal data, even if they’re not EU citizens.

The GDPR applies to all organisations located within the EU, whether you are a commercial business, charity or public authority, institution and collect, store or process EU citizen data. It also applies to any organisation located outside of the EU if they also collect store or process EU citizen data.

What is considered personal data?

The GDPR defines personal data as any information or type of data that can directly or indirectly identify a natural person’s identity. This can include information such as Name, Address, Email, Photos, System Data, IP addresses, Location data, Phone numbers, and Cookies.

For other special categories of personal data, there are more strict regulations for categories such as Race, Religion, Political Views, Sexual Orientation, Health Information, Biometric and Genetic data.

¿Cuáles son las multas por no cumplir?

Organizations can be fined up to 4% of annual global turnover for breaching GDPR or €20 Million. This is the maximum fine that can be imposed for the most serious infringements.

There is a tiered approach to the fines whereby a company can be fined 2% for not having their records in order (Article 28), not notifying the supervising authority and Data Subject about a security breach or for investigating and assessing the breach.

¿Estoy cumpliendo solo activando este plugin?

No, this plugin is meant to assist a Controller, Data Processor, and Data Protection Officer (DPO) with efforts to meet the obligations and rights enacted under the GDPR.

Activar este plugin no garantiza que una organización reúna completamente sus responsabilidades y obligaciones con el RGPD. Las organizaciones deberían evaluar sus responsabilidades particulares y asegurar que se tomen medidas adicionales para reunir todas las obligaciones requeridas por la ley basadas en la evaluación de impacto sobre la protección de datos (EIPD).

Reseñas

Very Handy

Very grateful for this, bit of a struggle setting up, but I appear to be slowly getting there. You really need to get your donate page up soon, so we can bribe you into improving the docs that will make it a bit more obvious to us less techy types

Best so far, but

Of all of the GDPR plugins I have tested recently this one is better than most; but suffers from lack of documentation particularly around the cookies setup.

It would also be beneficial to have examples of pages which provide users with the ability to request data or data erasure, as there is currently only mention of the need to use shortcodes.

It would be good to know what the plans are to integrate with WordPress 4.9.6 as well as WooCommerce 3.4 both of which include their own GDPR functionality

Leer todas las 37 reseñas

Colaboradores y desarrolladores

“GDPR” es un software de código abierto. Las siguientes personas han colaborado con este plugin.

Colaboradores

“GDPR” ha sido traducido a 8 idiomas. Gracias a los traductores por sus colaboraciones.

Traduce “GDPR” a tu idioma.

¿Interesado en el desarrollo?

Revisa el código , echa un vistazo al repositorio SVN , o suscríbete al log de desarrollo por RSS .

Registro de cambios

2.0.6

  • Fix XML export error.

2.0.5

  • Fix cookie toggle indicator set to on even if the user had previously untoggled it.
  • Other minor fixes to the audit log reconsent.

2.0.4

  • Adding two missing translation strings
  • Removing debug code that I forgot to remove from 2.0.3
  • Adding to audit log when user reconsents.

2.0.3

  • Fix third party cookies now showing up in the privacy preferences window or the settings page.

2.0.2

  • Fix reconsent not logging correctly on reconsent
  • Fix reconsent bar not showing up.

2.0.1

  • Removing things that should have been deleted prior to updating to 2.0.0.
  • Fix new reconsent bar missing closing div.

2.0.0

  • Change all requests and privacy preferences window to AJAX to avoid the admin-post hook issue.
  • We do not track privacy policy anymore. We can now track any kind of policy that users want. Those have been moved to each consent.
  • Including more options. Including “enable/disable” the privacy bar.
  • New filters and funtions were included.
  • Making the settings a little more accessible.
  • Removed the reconsent modal. It was too obtrusive. We switched to a more subtle notification bar.

1.4.7

  • Solución para los usuarios que se quejaban de que sus barras de scroll no aparecían si no seleccionaban una página de política de privacidad.

1.4.6

  • Cambio de la lógica de volver a dar el consentimiento para que no influencie al SEO con contenido repetido.

1.4.5

  • Ajustes menores de estilo
  • El scroll en la web esta desactivada cuando la ventana emergente esté activa
  • Ajuste de la barra de privacidad para que se sitúe detrás de la ventana emergente de volver a dar el consentimiento

1.4.4

  • Solución al campo all_cookies que se mostraba como campo de texto en vez de oculto.

1.4.3

  • Found one more instance of Telemetry Scanner, changed to Telemetry Tracker.
  • Borrado de cookies cuando los usuarios cambian sus preferencias y desactivan algunas cookies.
  • Cambio del campo utilizado para las cookies a textarea para una mejor lectura cuando se configuren muchas cookies.
  • Añadido un texto a la página de ajustes para explicar que aunque se registren cookies, si el usuario no introduce algo de texto en el banner de privacidad este no se mostrará.
  • Añadidos filtros para el correo de aviso al administrador. https://gdpr-wp.com/knowledge-base/actions-filters/
  • Añadidos filtros para la etiqueta del botón de los formularios de solicitud. https://gdpr-wp.com/knowledge-base/actions-filters/

1.4.2

  • Solucionada la reaparición de la barra de privacidad. La cookie no se había configurado que caducase en un año.

1.4.1

  • Se permiten enlaces en la descripción de consentimiento de la página del perfil de wp.
  • Forzado de que las pestañas sean un array cuando están vacías, para solucionar los avisos y el error fatal en portada.
  • Ocultada la barra lateral de cookies en la ventana del centro de privacidad si no se han registrado cookies.
  • Añadido un filtro para que el texto del botón de la barra de privacidad se pueda cambiar.
  • Cambio escáner de telemetría a seguimiento de telemetría para consistencia en todo el plugin.
  • Traduciendo cadenas que faltaban.
  • Añadidas opciones para añadir o quitar casillas de consentimiento a los formularios de registro y al de woocommerce al finalizar compra.

1.4.0

  • Añadida la opción de desactivar el CSS del plugin. Ten cuidado al usar esta opción. Asegúrate de que sabes lo que estás haciendo.
  • Añadida la opción de activar o desactivar la característica de telemetría.
  • Añadida la opción de añadir reCaptcha a los formularios de solicitud.
  • Añadidos comentarios a la exportación de datos personales.
  • Movido el campo del contenido de la barra de privacidad y el campo del extracto de privacidad a la pestaña de ajustes generales.
  • Quitado el enlace automático a la política de privacidad de la barra de privacidad.
  • Ahora aceptamos enlaces en el contenido de la barra de privacidad para estar al día con el último cambio.
  • Cambiada la programación de limpiado de la telemetría a cada hora.
  • Forzado para que la barra de privacidad se quede a la izquierda para evitar incompatibilidades de CSS.
  • Renombrado de las clases de pestaña en el panal de admin para de nuevo evitar incompatibilidades.
  • Solucionado que el centro de preferencias solo se muestre cuando se registran cookies.

1.3.5

  • Fix undefined variable warning.
  • Fix WooCommerce and possibly other plugins nonce manipulation for logged out users. For real this time.
  • Fix XML export fatal error when meta key starts with a number.

1.3.4

  • Prefixed all nonce actions.
  • Fixed cookies being checked by default when they should have been unchecked.
  • Possible fix for strange characters causing XML export to throw an error.
  • Fix for WooCommerce nonce manipulation for logged out users that was preventing visitors from updating their privacy preferences.

1.3.3

  • Fix translation error everybody has been complaining about.

1.3.2

  • Fix issue with the is_allowed_cookie JS function.

1.3.1

  • Fix consent syncing when difference comes from database and not the cookie.
  • Might allow people to use external services like iubenda.

1.3.0

  • Added BuddyPress registration form integration.
  • Added WooCommerce registration and checkout registration form integration.
  • Added admin notifications when a user makes a request that requires interaction.

1.2.2

  • Adding a couple missing translation strings.
  • Wrapping the telemetry post type page in an if so people can unregister it if they want to.

1.2.1

  • After one user reported that their scroll bar disappeared I decided to remove the code that do that when the reconsent modal shows up. This has no impact on anything, but it might fix this user problem.

1.2.0

  • Fix has_consent and is_allowed_cookie JavaScript functions not being available globally.
  • Add a function to get the consent checkbox without echoing them.
  • Change how the user deletion request works. We removed the email attachment to avoid being considered spam. The user can now download it immediatelly by clicking on their email link.
  • Adding an option for user deletions always be added to the request review table. That will allow you to remove your users from third-party services before removing them from your site.

1.1.6

  • Fix weird javascript issue that was preventing users from using the “Close my account” feature.

1.1.5

  • The gdpr_request_form PHP function was returning instead of echoing. That is now fixed.
  • Fix issue when syncing consent cookie and database values.
  • Fix issue that prevented the privacy bar from disappearing after saving privacy preferences.

1.1.4

  • Possible fix for cached sites.
  • Added has_consent and is_allowed_cookie functions to javascript.
  • Changed how the privacy bar and re-consent modal show up based on javascript.
  • Better sync of consent and cookies with a cookie.

1.1.3

  • Changed Complaint and Rectification form submit button wording.
  • Added a loading indicator on the reconsent window. Slow servers will not give the impression that this featured is not working anymore.
  • Fixed user notification not showing after confirming deletion email.
  • Fixed consent “required” toggle not displaying the correct state.
  • Added a second confirmation after disagreeing to reconsent.

1.1.2

  • Fixed reconsent modal not closing after agreeing to the new policy.

1.1.1

  • Forgot to unload jQuery-UI.

1.1.0

  • Merge the two preferences windows into one.
  • El shortcode [gdpr_preferences] ya no necesita el atributo ‘type’ para que funcione.
  • Removed jQuery UI from the front end and replaced with our own notification window to keep a consistent color scheme, avoid unnecessary requests and avoid style issues from theme to theme.
  • Allow logged out users to keep track of consents too. ( Those are not logged to the audit log for obvious reasons. )
  • Added a refresh after preferences change so users can display forms or count the user visit and so on depending on the new user consent.

1.0.6

  • Allowing users to add target on their privacy policy links on the consent description.

1.0.5

  • Allow users to use links on their consent descriptions so they can link to their privacy policy or other pages.

1.0.4

  • Added a link to the privacy policy page on the cookie bar and on the cookie preferences window.
  • Added a new option for a text just before the privacy policy link on the cookie bar.
  • Checking if the user actually registered cookies before showing the cookie bar.

1.0.3

  • Added a shortcode for re-opening the cookie or consent management windows.

1.0.2

  • Added new filters for access data so extensions can add more information.
  • Rebuilt the translation pot file and added translation comments.

1.0.1

  • Fix issue on cookie preferences not saving and displaying php errors.

1.0.0

  • Added cookie management screen
  • Added consent management screen
  • Added Telemetry tracker
  • Complete code rewrite
  • Added more types of request
  • Added Help documentation
  • Added new shortcodes
  • Changed to Settings API

0.1.1

  • Set the admin email as the default processor information on activation
  • Settings updated notice is now dismissible

0.1.0

  • Beta version released to the public