    GDPR Compliance Toolkit – WordPress plugin explained

    November 12, 2021
    Last update: April 29, 2025

    Data security has become a big concern in recent years. Many companies don’t take the necessary measures to keep customer information secure. Some even sell information to third-party entities without explicit, informed consent from customers. This has compelled the EU to upgrade its data security laws so that all websites operating in EU countries must comply with them.

    What is GDPR Compliance about?

    The GDPR act comes into force on the 25th of May 2018. Companies which collect data on citizens in European Union (EU) countries will need to comply with strict new rules around protecting customer data by this date. The General Data Protection Regulation (GDPR) is expected to set a new standard for consumer rights regarding their data, but companies will be challenged as they put systems and processes in place to comply.

    What does the GDPR act require?

    The list of GDPR requirements for personal data security is long, ranging from website and Web system security improvements to the backup policy. As far as the website is concerned, the elements which need to be adapted vary, from basic ones like easily obtainable and detailed ‘Privacy Policy’ and ‘Terms and Conditions’ documents, to more sophisticated changes such as ‘Pseudonymisation’ (replacing personally identifiable information with one or more artificial identifiers, or pseudonyms, in order to impede personal identification). The act also indicates that any company should perform regular data backups of Web systems (which gives the opportunity to restore data from a specific time range), or introduce the right password policy (where passwords need to be changed every 30 days). Get to know the legal base of the GDPR compliance here.

    Time to switch

    Everyone who has a website is aware that they now need to be GDPR compliant. There are plenty of free plugins advertised as complete GDPR compliance solutions which you can use to make the entire process easier. However, you must be aware that some of them can do more harm than good. Users of the free WP GDPR Compliance plugin may have seen this recently. The bad news is that hackers have exploited a vulnerability in this plugin. They hack into websites, install backdoors and take them over. This can compromise not only the security of your site, but also the security of anyone who visits it.

    Two Types Of Attacks

    According to Wordfence reports, there are two types of attacks taking place. In the first type, the attackers are targeting a bug in the WP GDPR Compliance plugin that allows them to access an internal function and alter settings for the plugin as well as the entire WordPress CMS. The second type of attack is a far more silent technique that involves using a bug in the WP GDPR Compliance plugin to add an entirely new built-in task to WP-Cron, WordPress’ scheduler.

    Google conducts regular scans on its domains for all types of malware. If your WordPress site has been compromised by this WP GDPR Compliance plugin hacker attack, it can take a major hit in terms of rankings on the search engine.

    The Solution

    Regardless of which GDPR plugin you decide to use, perform regular security scans of your website and make sure to always keep a backup copy in case you’ve been hacked. The risk of being a victim of hackers increases with every unnecessary plugin installed in your WordPress. Double-check that all installed plugins as well as WordPress core are up to date!

    If you want to minimize the risk of being hacked, try to use as few add-ons as possible, but trust the complex and premium solutions. One of the best choices is to switch to WordPress GDPR Compliance Plugin by createIT. Our unique plugin is an all-in-one, GDPR-compliant solution for your site regardless of the industry you are in or the size of your website. In addition to all the awesome features of this plugin, you get lifetime updates for free, which is amazing, isn’t it?

    Once you opt for our Ultimate GDPR Compliance Toolkit for WordPress you have peace of mind that your site is GDPR compliant at all times, without worries about hacker attacks. Our plugin has gone through extensive testing, is quality-checked by Envato and is fully safe to use. We keep constant checks and roll out updates at regular intervals, which helps maintain the security and compliance factors of the plugin.

    Customer Support

    In case you face any hurdles or hit a wall while using any of our plugin functions, you can rely on our outstanding support systems to ensure you have the best support experience. You get 6 months of support from createIT and lifetime access to plugin updates.

    What does the GDPR WordPress plugin do?

    Whether you have a small, single-page website or a large multi-page portal, the plug-in can help you meet the GDPR requirements with just a few clicks. Here’s an in-depth look at all of its features:

    #1 Right to be Forgotten

    Sometimes customers don’t want companies to have access to their personal information and want them to delete all past records. This falls under their right to be forgotten so customers can request you remove all data related to them from your services. Businesses must now provide an easy way for them to make this request under GDPR.

    With our plug-in, they can make this request in a matter of minutes with the help of a simple online form. There is no need to exchange several emails, call on a customer care line, or take other such time-consuming steps to delete personal data.

    #2 Accessing Personal Data

    Users don’t just have the right to request deletion; they can also request access to all information you have on them. Our plug-in provides customers easy access to a detailed form. They can make specific requests or ask you to disclose all the information you have collected from them. This form makes it easier for businesses to supply the most accurate and current information.

    #3 Pseudonyms

    No matter how many security measures you take, there’s always a chance of a data breach. Our plug-in can create pseudonyms for all user information stored in your database. The information will be hidden in plain sight, disguised by false names, which ensures user information is protected in the event the security system fails.

    #4 Easy to Manage

    Most business owners don’t have the time to manage these requests from a unique portal. They don’t want to spend time learning how to use another software program, which is why we have integrated it into the WordPress Admin Panel. You can manage, alter, or delete user information from the panel so it’s much easier to comply with GDPR.

    This plug-in has predefined integration with many popular plug-ins so there will be no conflicts when you install it. It means your website will continue to work as it did before installation, regardless of whether you have Mailchimp or WooCommerce installed.

    Through our software, you can create a customized cookie consent box for visitors. The system will automatically block all cookies until visitors click on the consent box, which ensures there are no accidental GDPR violations.

    #7 Terms and Conditions Page

    If visitors don’t give their cookie consent, they’ll be automatically directed towards a Terms and Conditions Page. This page contains all information about your privacy policy, terms, as well as some related information regarding the cookies. Visitors can read all this information until they’re certain their information will be protected before they grant consent for cookies.

    #8 Breach Notifications

    According to GDPR, customers should be informed about security breaches as soon as possible. Our system sends out breach notification emails to all users, warning them about possible leaks. This notification will include all information about the breach such as time, nature, cause, etc., and will provide customers with advice on how to deal with this situation.

    #9 Portability

    All information can be ported or transferred on request. Our system will automatically send data files in JSON or text format by email.

    The GDPR plug-in comes in seven different languages so you don’t have to worry if your website is in German or another European language. Many of them are supported.

    Which websites is the plugin for?

    This plug-in is exclusively designed for WordPress-based websites. If your website uses WordPress, this plug-in will integrate seamlessly and ensure it complies with GDPR. createIT is working on versions that will integrate seamlessly with other platforms as well.

    The product is well-designed, compatible with different themes or plug-ins so your website doesn’t face any problems in operation. It will work with popular plug-ins like WooCommerce, Gravity Forms, Events Manager, Contact Form 7, and Mailchimp.

    The plug-in fits in perfectly with WordPress websites without causing any vulnerability that might expose your site to hacking. This feature-rich installation is easy to use and upgraded regularly, which makes it a good alternative to less secure options available in the market. It will protect data even if your website has a compromised plug-in.

    Will the plugin be further developed?

    The Ultimate GDPR plug-in is constantly extended, so that it’s compatible with most themes and other plugins on the market. In this respect its author listens to the clients’ voice, constantly adding the features that are most needed. Currently, the createIT team is working on a Shopify version as well, which should be ready soon.

    Why do you need this WordPress GDPR Plugin?

    The General Data Protection Regulation is applicable in all 28 EU countries and will be in force from 25th of May 2018. All websites that collect information from EU citizens must follow these newly established standards or they will face fines up to 4% of global turnover or 20 million Euro, compensation claims and similar lawsuits, as well as massive loss of reputation. These laws will be strictly enforced, which is why it’s a good idea that you get prepared for them asap.

    For any more information, feel free to check out the Ultimate GDPR Compliance Toolkit for WordPress today.
