
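Description
GDPress provides tools for privacy and more.
Major features of GDPress include:
a privacy request form
a menu in the admin bar to see confirmed privacy requests at a glance
and, since version 2.0, a set of tools to help you comply with GDPR:
* a set of protection and wellness tools, because protecting personal data starts with a healthy and protected installation that prevents potential data breaches.
* a RoPA assistant to help you build your Records of Processing Activities, a GDPR obligation (Article 30).
* logging of events related to export/erase requests by or for the data subject (see the settings page).
* a specific wp role for the DPO.
* a dedicated Privacy/GDPR/ISO27701 dashboard for your DPO!
GDPR compliance is a never-ending process.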
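Technical Details
n/a
Privacy
GDPress does not call any external web services
and does not use any external software other than WordPress core.
GDPress stores events related to the data subject and core privacy processes if the archive setting is set.
Archives are under the authority of the Data Protection Officer, for legal purposes only.
They are returned to the data subject, but not deleted.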
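Accountability/Auditability
These are legal obligations under GDPR. In front of your local data protection authority or a judge:
* You are accountable for your actions to reach GDPR compliance and must provide proof (activating this plugin is not enough).
* If sued, you will have to provide some evidence: you acted lawfully and replied to the data subject's request (archiving all activities for legal purposes is allowed in GDPR and must be declared in your Records of Processing Activities).
Other Major Obligations
Records of Processing Activities: the WordPress team is expected to publish one for core. For any theme or plugin, adding a new Privacy section to readme.txt is a must.
Communication of a personal data breach (and also to your local D.P.A.)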
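Privacy by design
This concept is in GDPR too. In wp, Privacy is a component to be considered just like Gutenberg, Admin, wp-cron and others.
Privacy by design should be applied in all wp components. Should all components publish their "Privacy section", as recommended above for themes and plugins?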
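Pending Questions
Privacy settings in core: only one setting, on a single page, that cannot be changed (no hook): the privacy policy page
any privacy request is personal data and should be returned to the data subject
deleting an export request does not delete the export file (security issue, potential data breach)
external processors need to be identified (privacy by design)
consistency of Gutenberg blocks with the embed handlers and oembed providers set on the server side (privacy by design)
oEmbed responses cached in transients (no longer as postmeta html cache) for blog posts or oEmbed providers (privacy by design)
ability to remove blocks in Gutenberg, such as "/map" for Mapbox (privacy by design)
future "Icon" component: from Dashicons to svg (privacy by design)
Nowadays, emails such as "θσερ@εχαμπλε.ψομ" are valid but are rejected by the wp function is_email() (privacy requests rejected)
Web standards should apply, and this can be a legal issue among the "variety of privacy issues around the world"!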
Original plugin description
GDPress provides tools for privacy and more.
Major features in GDPress include:
a privacy request form
a menu in the admin_bar to see confirmed privacy requests at a glance
and, since version 2.0, a set of tools to help you comply with GDPR:
* a set of protection and wellness tools, because protecting personal data starts with a healthy and protected installation to prevent a potential data breach.
* a RoPA assistant to help you build your Records of Processing Activities – a GDPR obligation (Article 30).
* logging of all events related to export/erase requests by/for the data subject (see settings page).
* a specific wp role for the DPO.
* and a dedicated Privacy/GDPR/ISO27701 dashboard for your DPO!
GDPR compliance is a never-ending process.
Technical Details
n/a
Privacy
GDPress does not call any external web services
and does not use any external software other than WordPress core.
GDPress stores events related to the data subject and core privacy processes if the archive setting is set.
Archives are under the authority of the Data Protection Officer, for legal purposes ONLY.
They are returned to the data subject, but not deleted.
Accountability/Auditability
These are legal obligations in GDPR. In front of your local data protection authority or a judge:
* You are accountable for your actions to reach GDPR compliance and must prove it (activating this plugin is not enough).
* If sued, you will have to provide some evidence: you acted lawfully and replied to the request of the data subject (archiving all activities for legal purposes is allowed in GDPR and must be declared in your Records of Processing Activities).
Other Major Obligations
Records of Processing Activities: the WordPress team is expected to publish one for core. For any theme or plugin, adding a new Privacy section to readme.txt is a must.
Communication of a personal data breach to the data subject (and to your local D.P.A.)
Privacy by design
This concept is in GDPR too. In wp, Privacy is a component like Gutenberg, Admin, wp-cron …
Privacy by design is, or should be, applied and included in ALL wp components. Should all components publish their "Privacy Section", just like the above recommendation for themes and plugins?
Pending Questions
Privacy settings in core: only one setting, on a single page, that cannot be amended (no hook): the privacy policy page
any privacy request is personal data and should be returned to the data subject
removing an export request does not delete the export file (security issue, potential data breach)
external processors to be identified (privacy by design)
Gutenberg blocks coherence with embed handlers and oembed providers as set on the server side (privacy by design)
oEmbed responses cached in transients (no more postmeta html cached) for blog posts or oembed providers (privacy by design)
ability to remove blocks in Gutenberg such as “/map” for Mapbox (privacy by design)
future "Icon" component: from Dashicons to svg (privacy by design)
Nowadays, emails such as "θσερ@εχαμπλε.ψομ" are valid but are rejected by the wp function is_email() (privacy requests rejected)
Web standards should apply, and this can be a legal issue: one of the "variety of privacy issues around the world"!
