• Resolved fs5ve

    (@fs5ve)


    Dear Concern,

    We, a group of researchers from the University of Virginia and Johns Hopkins University, are analyzing GDPR compliance in different plugins. From our analysis we found that you are storing ‘firstname’, ‘lastname’, ‘username’, ‘email’ (PII) information in the database without providing data access and data deletion functionalities. Nor did you mention in your privacy policy that the data will be stored. According to GDPR, whenever you store PII, you need to provide the user with data access and data deletion functionality and clearly mention this in the privacy policy. Not doing so will violate GDPR law.

    Can you please take a look at this issue and confirm? If needed, we can provide more information on this.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Jeff Sherk

    (@jsherk)

    WordPress stores the information, not my plugin.

    Thanks

    Thread Starter fs5ve

    (@fs5ve)

    Hi Jeff,

    Thanks a lot for the reply. We understand you are not storing that sensitive information in your database, but instead in the WordPress database. But according to GDPR, whenever you collect personal data (Art. 4 GDPR – Definitions) from the user, you should provide them the following functionalities:
    1. Right of Erasure (Art. 17): User should be able to delete data whenever they wish to.
    2. Right of Access (Art. 15): User should be able to access their data (e.g. export in PDF format) to see which personal data is being collected so far.
    3. Privacy Policy (Art. 12 & 13): User should know about such data collection beforehand. And you should get the consent from the user before collecting those.

    We are willing to help you more if needed. Please let us know what you plan.

    Thanks!

    Thread Starter fs5ve

    (@fs5ve)

    Hi Jeff,

    Thanks a lot for the reply. We understand you are not storing that sensitive information in your database, but instead in the WordPress database. But according to GDPR, whenever you collect personal data (Art. 4 GDPR – Definitions) from the user, you should provide them the following functionalities:
    1. Right of Erasure (Art. 17): User should be able to delete data whenever they wish to.
    2. Right of Access (Art. 15): User should be able to access their data (e.g. export in PDF format) to see which personal data is being collected so far.
    3. Privacy Policy (Art. 12 & 13): User should know about such data collection beforehand. And you should get the consent from the user before collecting those.

    We are willing to help you more if needed. Please let us know what you plan.

    Plugin Author Jeff Sherk

    (@jsherk)

    All data is collected/stored by the main WordPress program and is accessible to the user to view and delete under their user account on the site.

    I have not made any claims that any of my plugins are GDPR compliant and I do not have any plans to change anything.

    You are free to not use my plugin if it does not meet your requirements.

    Thanks

  • The topic ‘Not GDPR Compilant’ is closed to new replies.