Challenge: how to comply with article 7 of GDPR
Solution: store consents of users and add an option to export them
GDPR EU (General Data Protection) is a regulation on data protection and privacy in the European Union. In this article, we’re going to focus on Art. 7 GDPR: Conditions for consent. How to comply with privacy regulation when using WordPress CMS on your site? There are multiple plugins for this, the subject of this article will be the Ultimate GDPR & CCPA plugin -> https://www.createit.com/gdpr/
Demonstrate consent
In Article 7(1), GDPR clearly outlines the explicit obligation of the controller to demonstrate a data subject’s consent. The burden of proof will be on the controller, according to Article 7(1).
Recital 42 states: “Where processing is based on the data subject’s consent, the controller should be able to demonstrate that the data subject has given consent to the processing operation.”
How to understand it in plain language? A WordPress administrator / website owner, needs to have the ability to provide logs that include user consents. The WP plugin will store users’ consents. Possible use-cases:
- Cookie Consent (clicking “I agree” on the cookie bar)
- Privacy Policy Consent (checking privacy checkbox on registration)
- Terms and Conditions Consent (agreeing with terms policy by checking the checkbox)
- Services Consent Checkboxes (consent that is freely given, specific, informed, and unambiguous)
Log user consent
Here is an example consent log of a user that accepted cookie settings by clicking “Accept cookies”. The record includes consent_time and consent_level . The user id and email are stored for a logged-in WordPress user.
id: 2 type: ct-ultimate-gdpr-cookie user_id: 2 email: [email protected] user_ip: user_agent: time: 1654774775 data: {"consent_declined":false,"consent_expire_time":1686310775,"consent_level":5,"consent_time":1654774775,"consent_id":2}
Save IP address or User Agent
In addition, you might want to store the IP address and User Agent value for users of your website. This is doable as well. The Ultimate GDPR plugin includes this as an additional option. Let’s see usage examples:
![]()
Download all consent logs
A logged WordPress Administrator has the option to download all consents that are stored in the database. The button for the download can be found in specific sections of the plugin. See the screenshots below:
Individual user consents
Here is article 7 (point 1) of the GDPR regulation:
“Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data.”
To meet GDPR requirements, we would like to have the option to:
- be able to export consents for an individual user
- allow data access (user can ask to see what data we’re storing)
- preview the consent log data
- send a summary with the stored data for the user’s email address
All those options are available to use. The instruction is attached below:
Invalid consent
Since 2018, when GDPR was introduced in Europe, the cookie bar has been the default element of every website. Website owners inform visitors about the used cookies and private data required for providing particular services. Sometimes we witness dark patterns that force user consent or mislead website visitors. To comply with the GDPR regulation, remember about:
- not using checked by default opt-in checkboxes
- naming your company in content terms
- telling users about their right to withdraw consent
- storing records of user consent
- making sure processed user data is necessary for the service
Right to be forgotten
Another important GDPR article, popularly called: ‘the right to be forgotten’ is defined as Art. 17 GDPR – Right to erasure:
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay(..)
We can easily meet this requirement by adding the Ultimate GDPR shortcode:
to the page. The “Forget me” form will display as one of the tabs in the GDPR My Account page.
All GDPR related features
The important features for a website that wants to comply with GDPR law are: personal data access, requests for data access or deletion, policy consent, cookie consent, services consent, data breach notification, pseudonymization and data portability. Other nice to have features include: privacy center, cookie scanner and integration with popular WordPress plugins.
The Ultimate GDPR plugin for WordPress provides an easy to manage panel to set up all of the above features. The settings can be customized to suit your business needs. This GDPR Compliance Toolkit can be used with default options to support typical use cases or be heavily customized by applying Wp-admin Dashboard Settings. More info: https://www.createit.com/gdpr/
That’s it for today’s tutorial. Be sure to follow us for other useful tips and guidelines and don’t forget to subscribe to our newsletter.
Disclaimer
Disclaimer: We are not lawyers and this item cannot replace lawyer’s advice. We have tried to make it as accurate as possible to handle GDPR requirements, but if you need a definitive legal advice for your business, you have to hire an attorney.
Comments
0 response