Gdpr compliance plugin

[garciademarina]

Hi there,

We have develop a plugin that will help you comply with GDPR  General Data Protection Regulation

Beta version, some improvements will be added soon

This plugin includes handle three required points for gdpr compliance:

Explicit consent, users need to give you consent by ticking a box (pre-ticked boxes cannot be used).
Include required checkbox to forms:
Item contact
Item send friend
Register
Recover password
User contact
Contact
Create alert (manually / only if user is not logged in)

Right to erasure, The GDPR introduces a right for individuals to have personal data erased. This feature will add a remove account link to your users menu. (Usually all themes already have it, however in order to comply with gdpr you need to have it.

Right to data portability, allows individuals to obtain and reuse their personal data for their own purposes across different services. This feature will add a download link to your users menu, by clicking it your users will generate a zip file that contains: user info, listings info, user alerts and all listings images.

This software may not be resold, redistributed or otherwise conveyed to a third party

NOTE: You must understand GDPR if you want to be compliant, installing this plugin it's not enough. 

Download: https://market.osclass.org/plugins/miscellaneous/gdpr-osclass_979

[Updated version]

- generate manually user data, (by user id).
- possibility to choose the behaviour of "download" link, on the fly generation or send email request to the "contact email address" for manually generation of user data.

Regards

[Aficionado]

Hello.

One question: the "download" zip data from an account is prepared "on-the-fly" as i see.

I can't test it myself but what happens if a user has let's say... 100 ads in his account and 100 images ? Is this procedure somehow heavy for the site ? Wouldn't be better to create this during a  CRON and email the user with the link with an expiration ?

[calinbehtuk]

Hello.

One question: the "download" zip data from an account is prepared "on-the-fly" as i see.

I can't test it myself but what happens if a user has let's say... 100 ads in his account and 100 images ? Is this procedure somehow heavy for the site ? Wouldn't be better to create this during a  CRON and email the user with the link with an expiration ?

Well pointed!
For the same reason i don't include this in my project. It easy for few ads but what about 1000 ads the zip archive will be huge.

[Aficionado]

Well pointed!
For the same reason i don't include this in my project. It easy for few ads but what about 1000 ads the zip archive will be huge.

Well to be honest, most users in my systems have less than 10 BUT i have some India posting services that have a huge ammount (maybe more than 100-200 each).

Also it seems more relaxed to have a link in your email than a download link that you may lose after a few seconds (and then REQUEST the download again).

[calinbehtuk]

Well to be honest, most users in my systems have less than 10

You can find exception. I have a client which has a site with some top users with more 3000 ads  per user(PC components). Anyway i am glad to see that some action is done from osclass team, and i am sure that this plugin will be improved.

[garciademarina]

Hi,

Osclass core have a "backup sql" and "backup data" feature, if they work the "download gdpr" feature should work too.

However to comply with gdpr you need to provide a way to download the user data, it can be with a download link or via email.

More important users can send you an email requesting their data and you must provide it (by law, you have 30 days).

I will add an option to generate the zip file from oc-admin so admins can provide the zip file for a user request.
Adding this option will allow you to select if you want to provide the user data "directly" or via "email request to the admin email" (admin receive al email request,  generate the data via oc-admin and send it to the user)

NOTE: you can also install this plugin and disable only  the "download" feature, this way if you receive an mail requesting the user data you will be able to generate it manually via oc-admin (in the next version)

Regards

[Jarosvet]

Hello, I've installed the plugin and enabled the download feature but can't find the link in user menu to do it, also can't find it in the code

can you please share the code how to include this link manually to the theme?

[garciademarina]

You can add the link manually by adding this code:

Code: [Select]

<a href="<?php echo osc_route_url('gdpr_download_user_data'); ?>"><?php _e('Download', 'your_theme_domain'); ?></a>
NOTE: you need to have enabled "Right to data portability" feature.

[Jarosvet]

You can add the link manually by adding this code:

Code: [Select]

<a href="<?php echo osc_route_url('gdpr_download_user_data'); ?>"><?php _e('Download', 'your_theme_domain'); ?></a>

Thank you, but I see just a blank "custom page" when click on it

[Aficionado]

In my case i see the Download option is added automatically in OsclassWizards theme and work ok.

[Aficionado]

One thing missing (or i am blind  is the Consent on Comments ?

[Jarosvet]

So I see that route url for downloading zip points to empty php file

when I click to download the archive then I see the empty custom page from empty php file

can someone share what function should exsecute when user clicks to downlod? As in my case nothing happens...

[calinbehtuk]

@Jarosvet The plugin needs some adjustments.
Go on plugin settings and activate the plugin.
Enable Gdpr

[Jarosvet]

Plugin is active, settings updated to "On"

the same situation is on 2 sites at once

could it be because I use Amazon S3 to store fotos?

[calinbehtuk]

I got the same page when i tested but when i activate this option it working.