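Introduction
- This WordPress plugin, "GDPR", was published on 2018-02-15.
- It currently has 10000 active installations.
- The last update was on 2020-05-14, 1815 days ago. It has not been updated for more than a year, so before installing, confirm that the version is still usable and consider the ongoing maintenance issues!
- The plugin requires WordPress 4.7 or later.
- The plugin requires the site host to run PHP 5.6 or later.
- 58 people have rated it.
- Nobody has asked a question in the forum yet; usage may not be high so far, and no major problems have come up.
Plugin contributors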
fclaussen | trewknowledge | matthewfarlymn |
Plugin tags
law | GDPR | privacy | compliance | general data protection regulation |
Original plugin description
This plugin is meant to assist a Controller, Data Processor, and Data Protection Officer (DPO) with efforts to meet the obligations and rights enacted under the GDPR.
Documentation
https://github.com/trewknowledge/GDPR/wiki
Collaboration
You can send your pull request at https://github.com/trewknowledge/gdpr
Shortcodes & helper functions
https://github.com/trewknowledge/GDPR/wiki/Functions-&-Shortcodes
Features
- Consent management
- Privacy Preference management for Cookies with front-end preference UI & banner notifications
- Privacy Policy page configurations with version control and re-consent management
- Rights to erasure & deletion of website data with a double opt-in confirmation email
- Re-assignment of user data on erasure requests & pseudonymization of user website data
- Data Processor settings and publishing of contact information
- Right to access data by admin dashboard with email look up and export
- Right to access data by Data Subject with front-end requests button & double opt-in confirmation email
- Right to portability & export of data by Admin or Data Subject in XML or JSON formats
- Encrypted audit logs for the lifetime of Data Subject compliance activity
- Data Subject Secret Token for two-factor decryption and recovery of data
- Data breach notification logs and batch email notifications to Data Subjects
- Telemetry Tracker for visualizing plugins and website data
Settings
General
From the Settings options in the dashboard, you can select the Privacy Policy page for tracking and logging consent.
On login, the user must consent to the Privacy Policy outlined on the site. If the user does not consent, the user will not be registered or logged in.
If the site owner updates the Privacy Policy page content, the change will be logged and flagged to the admin that they must notify users on next login to seek re-consent. Additionally, the warning message can be dismissed in the event of a minor correction or mistake.
Additionally, under General Settings the Admin can set the outgoing email limitation which would set the batch notification email limit per hour in the event of a Breach Notification.
Cookie Preference Management
Similar to consent management, users can opt in or out of cookies that are being used on the site. There are 3 formats of cookies that can be created which include:
- Always Active: Cookies that are always active or are required for the site to function.
- Toggled: Cookies that can be activated or blocked based on the user preference.
- Opt-Out Link: Cookies that require configuration from a third-party source in order to opt out.
Depending on the user's preference setting, you can use the is_allowed_cookie( $cookie ) helper function to decide whether to save and set a cookie, or to prevent a cookie from being set. The list of user-approved cookies is stored in a separate cookie named gdpr_approved_cookies.
Consent Management
Consents can be registered on the settings page. They can be optional or not. By default, this plugin comes with a Privacy Policy consent that users need to agree with on registration.
For optional consents, there’s a wrapper function have_consent( $consent_id ) to help you display or hide something on the site depending if the user gave consent or not.
Consents are logged to the user record for auditing or for access purposes.
Requests Table & Rights of Data Subject
Right to Erasure Requests
The Data Subject is able to submit a request to be erased from the site using a shortcode.
When a request is made, the Data Subject will receive an email confirmation to confirm the deletion request.
After email confirmation, the user request is added to the requests table for review by the Administrator. The Administrator can also add a user manually with an email look up and review.
If the Data Subject has content published on the site for any post types or comments, they will be added to this table. If they do not have any content, they will receive a confirmation of the erasure request and be provided with a 6-digit token for safekeeping after erasure, in case the data needs to be recovered.
The requests table allows the Administrator to reassign any content to another user or delete it.
In the event of comments, the Data Subject’s content would be made anonymous.
Admin can also manually add users to the erasure requests table with a manual email search
Right to Access Data Request & User Data Portability
The Data Subject can place a request to download their data with the shortcode.
After requesting their data, the user will receive a double opt-in confirmation email then the plugin will generate an XML or JSON file, which will be emailed to them for download with an expiration time of 48 hours.
Right to Rectify & Complaint Requests
The Data Subject can place a request to rectify data or file a complaint with the shortcode.
After making their request, the user will receive a double opt-in confirmation email and will then be added to the table for the admin to handle the request.
Tools
Access Data
The Access Data tool allows the Admin to look up a user email and view the data of a particular user. The Admin can download and export the data in a JSON or XML format and provide to the Data Subject if manually requested.
NOTE: This method should not be used without the Data Subject confirming their identity.
Audit Log
Everything the Data Subject does, from registration and providing consent to the privacy policy and terms of service to other requests, is logged and encrypted in a database. Data breach notifications are also logged to all Data Subjects upon confirmation by the Controller.
Using the Data Subject’s email, you can look up and retrieve the user information and display it.
If the Data Subject has been removed from the site, this encrypted log is deleted from the database and saved as an encrypted file inside the plugin folder.
If in the future, the Data Subject makes a complaint or there is a need to recover the data, the user can provide their email address and the 6 digit token they received from the deletion confirmation email to decrypt and retrieve the file.
Data Breach & Notifications
In case of a data breach, the Admin can generate a Data Breach Notification to users by logging the information and confirming the breach through a double opt-in confirmation email. The following information would be recorded in the audit log:
- Nature of the personal data breach
- Name and contact details of the data protection officer
- Likely consequences of the personal data breach
- Measures taken or proposed to be taken
Once the breach has been confirmed via email, the website will begin a batch email notification process to all users every hour until all users receive the notification.
Telemetry Tracker
The Telemetry Tracker feature will display all data that is being sent outside of your server to another destination. It will indicate the plugin or theme responsible, file and line where the data is being sent.
WordPress Core and some plugins gather data from your install and send this data to an outside server.
The WordPress Plugin Repository does not allow plugins to do that, but premium plugins are able to do this because they are not bound by the Plugin Repository rules. If you did not explicitly opt in to this feature, you should make a complaint.
Important!
Activating this plugin does not guarantee that an organization is successfully meeting its responsibilities and obligations of GDPR. Individual organizations should assess their unique responsibilities and ensure extra measures are taken to meet any obligations required by law and based on a data protection impact assessment (DPIA).
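Download links by version
- Method 1: Click a version-number link below to download the ZIP file, log in to the site admin, open "Plugins" then "Add New" in the left menu, choose "Upload Plugin" at the top, and upload the downloaded ZIP package to install and activate it.
- Method 2: Use the search box on the right of the "Add Plugins" screen to search for the plugin name "GDPR" and install it.
(Method 2 is recommended, to ensure the installed version is compatible with the WordPress environment you are currently running.)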
1.4.7 | 2.0.0 | 2.0.1 | 2.0.2 | 2.0.3 | 2.0.4 | 2.0.5 | 2.0.6 | 2.0.7 | 2.0.8 | 2.0.9 | 2.1.0 | 2.1.1 | 2.1.2 | trunk | 2.0.10 |
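Related plugins (you may also be interested in)
GDPR Notice 》GDPR Notice lets you inform users about the use of external services when they first visit your website, to make your site more GDPR-compliant. You can add custom entries to display to users. If your...
GDPR READY ADVICE 》This is a very simple, free and responsive widget for your website. It displays a small banner in your footer to let visitors know that your site complies with GDPR. It is that simple. Plug-and-play...
GDPR Notification 》GDPR Notification lets you display a notification bar in the footer of your WordPress pages, containing links to your privacy policy and other information.
GDPR – WP Plugin 》The digXcel GDPR plugin lets any WordPress site integrate with the digXcel PDM platform, making it easy to help organizations achieve GDPR compliance. In addition, the plugin lets site visitors grant or revoke cookie consent. ...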