trewknowledge / gdpr Goto Github PK

I know a lot of people don't think to look there, but the "Help" area in WordPress Admin is the place where this kind of documentation should exist.

It declutters the page, uses an existing API for this purpose, and provides more structure where it will probably be necessary later.

Apologies if this is already a feature, I read through the support pages and issue log and couldn't see it.

I'm wondering if this plugin support geotargeting, so it can be configured to only load for EU based visitors. Thanks.

When adding additional consent types to the consent tab in settings if you set the consent to "required" and then click save it is un-setting the required option after saving.

Question: If multiple consent types are required that are linked to documents (in the same way as the privacy policy consent works) does the plugin ask for new consent after the linked page has been updated? For example explicit consent to terms of use? Some companies have a separate cookies policy and privacy policy for example. It might be better to have the document link next to each consent type instead of on a separate tab?

Request for integration with BuddyPress registration process to present DP opt-in

Hey Gurus,

I looked into the available Zapier Triggers available for MySQL and there isn't anything granular enough that I can find that will trigger when a row is updated.

I'd really love for a way to connect Zapier when a Data User initiates one of the GDPR requests through your plugin because there are actually a ton of small workflow tasks I'd like to tie together that I don't think you should try and build into your plugin, such as the Email process. For example, lots of companies will have CRM software already in place. A GDPR request should be logged in the CRM with the user's metadata that's already on file.
Ideally, the Email sequence that Data Users receive when they make a request should be handled by whatever Email layer the company has already. The easiest way I can see that happening is for your plugin to allow Zapier to write new rows to a Google Sheet with the email address and name of the User. Once a GDPR request is added to a Google Sheet row, Zapier can push that request anywhere.

Here is the base documentation for Zapier: https://github.com/zapier/zapier-platform-cli

I've reached out to Zapier to ask for some additional information for how we can make this work.

Keep up the amazing work!!!

Is there anything planned to add a privacy policy checkbox to the comment submit form (maybe even to popular commenting systems like WP DISCUZ)?

Is it possible to have this GDPR plugin integrate with Ninja Forms and MailPoet in the near future?

Hey great work on the plugin - its appreciated!
Is it possible to request integration with Formidable in the near future?

Thanks!

Would it be possible to configure admin notifications to be sent when a user downloads their data, or requests to be deleted?

IDEA: It would be extremely useful to able to add items to the audit via php. For example, if a user edits their profile data after they are logged in. Or if they make purchases via woo-commerce. Etc.

The text for submitting a complaint reads "Submit Request" - suggest changing to "Submit complaint" or "Submit"

I added a user under the "Erasure" tab of requests and it said it added the user, but I don't see it in the table.

When I try to add the user again I get a message saying "User already placed a deletion request."

Consider making this notice dismissible.

When entering the email address of a registered user, and not including a token, the response is misleading. Consider updating text to include why the user could not be found (likely because of missing token, or doesn't exist in audit log at all.)

1. Cookie Consent displayed to new Visitor X
2. Visitor X clicks 'I Agree'
3. Cookie Consent recorded for the new Visitor X
4. Admin makes a change to cookies settings e.g identifies a new cookie and adds it
5. Admin saves cookie settings
6. Visitor X returns to the site
7. Cookie Consent is not redisplayed to Visitor X even though the cookies list has changed

A few things:

• No autocomplete on text input
• Entering an invalid address provides no feedback if it worked or not
• No indication this is only for registered user email addresses
• What's the difference between "Cancel" and "Delete" here?

What is being reviewed or reassigned? As a new user, and new GDPR, I don't really understand what these are for or do.

As an admin, I manually added a user via the wp-admin. When I went to print the audit log it is showing some false information:

[2018/02/16 21:26:51] First name: Anthony
[2018/02/16 21:26:51] Last name: M
[2018/02/16 21:26:51] Email: [email protected] 

[2018/02/16 21:26:51] User registered to the site.
[2018/02/16 21:26:51] User gave explicit consent to Terms of Service
[2018/02/16 21:26:51] User gave explicit consent to Privacy Policy

In reality, this user never registered or gave consent.

We need to come up with an appropriate flow for this scenario.

Hi
we discuss this on a previous close Issue.
When the user turn on or off the specific category for google analytics cookies the code below show enable or disable these cookies.
I have try it but the cookies from google are not loading... Can you help me here?
I may making some mistake on the code.

• When I turn OFF/ON on the cookie preferences the values on the gdpr[allowed_cookies] array is changing inserting/deleting the _ga, _gat, _gid values, but the cookies are not loaded.
• Is this a issue of the name 'analytics' on the has_consent( 'analytics' ) or something with the cookie category naming?

add_action( 'wp_head', 'my_google_opt_out', 1 );
function my_google_opt_out(){
if ( ! has_consent( 'analytics' ) || ! is_allowed_cookie( '_ga' )) :
?>
<script>
window['ga-disable-UA-xxxxxx-x'] = true; // Replace 'X' for your UA numbers.
</script>

<script>
window['ga-disable-UA-xxxxx-x'] = false; // Replace 'X' for your UA numbers.
</script>
<?php
endif;
}

Thanks in advance.

Hi,
I'm using your js helper functions in order to block standard google analytics cookies before the consent is given (I'm supposed to block them, right?) - however, I noticed this error in a chrome console:

Uncaught ReferenceError: consentArray is not defined
    at window.is_allowed_cookie (gdpr-public.js?ver=1.3.1:1)
    at (index):3032

I checked in an incognito mode and it seems that _ga, _gat_gtag, and _gid cookies are not being blocked. I'm sure it worked previously so I just want to let you know.

I think these are maybe too plain, as is.

It's not really clear what they're for right away, or where they'll appear, or what a user will see, or how to manage the various individual responses to user consents.

Receiving this error when selecting the Download My Data button. Currently logged in as the site admin.

Currently using the "rewrite" branch.

Parse error: syntax error, unexpected 'esc_url_raw' (T_STRING) in .../wp-content/plugins/gdpr/templates/email/export-data-request.php on line 43

Be nice if the opt-in agreement page on login can be set to disabled for admin role

On installing GDPR plug in, the vertical scroll bar on website disappeared. Once plug in deactivated, scroll bar returns. Tried to activate again and vertical scroll bar disappears again. Any help out there? It has latest update 1.2.0 by Trew Knowledge

The link sent in the confirmation email for deleting your account is not working for me at the moment. I have updated to the latest code as you suggested which fixed the other issue.

To reproduce: Choose Close My Account, confirm, open email that is sent, click this link (domain and email modified):

https://site.local?type=delete&key=asnB4VhN0BxPHtxPKQEb&[email protected]

The result is that the homepage appears with no confirmation box, and nothing else happens.

I'm not sure if this would fall under the tag of enhancement/feature request but I spotted on the User profile page the Privacy policy consent box is ticked once a user agree's which is great, however, is it possible to add the date/time stamp to this so that if the question if ever asked of when they agreed it's easily accessible.

https://dha4w82d62smt.cloudfront.net/items/2G0d2L2j1q2P3u0P0j2S/Image%202018-04-06%20at%202.30.01%20pm.png

Hi,
I just spotted one more problem. I need to block Google Analytics cookies before consent is given.
I'm using caching plugin WP Super Cache, so according to your suggestion from this page on Knowledge Base http://gdpr-wp.com/knowledge-base/enabling-or-disabling-functionality-based-on-consent-and-cookies/ I opted to use javascript function. I have cookies registered and a proper consent has id "analityka".

So I added this javascript code

<script type="text/javascript">if ( ! has_consent( 'analityka' ) || ! is_allowed_cookie( '_ga' ) ) {
  window['ga-disable-UA-xxxxx-x'] = true; // Yes, I have proper identification code here
}</script>

And unfortunately, the Google Analytics cookies are not blocked and the error I see in the console is:

"Uncaught ReferenceError: has_consent is not defined"

So it looks like this function is not available? Am I missing some important step here?

Like other features, the download of user data should also need email confirmation.

Consider hiding the "Forget Me" button for lonely site admins.

I installed version 0.1.1 on a brand new site. I got a admin warning to define the the TOS and Privacy page in the settings but as I did not have either I went to create them. When saving the page I got the following php notices.

Notice: Undefined index: tos-page in gdpr/admin/class-gdpr-admin.php on line 682

Notice: Undefined index: pp-page in /app/public/wp-content/plugins/gdpr/admin/class-gdpr-admin.php on line 685

Warning: Cannot modify header information - headers already sent by (output started at gdpr/admin/class-gdpr-admin.php:685) in /app/public/wp-admin/post.php on line 198

Warning: Cannot modify header information - headers already sent by (output started at gdpr/admin/class-gdpr-admin.php:685) in /app/public/wp-includes/pluggable.php on line 1216

When the opt-in screen is displayed to a user who has just logged in - the user is still able to click top left to access their WP dashboard view and make use of any functionality available i.e. still able to use the site without agreeing to DP policy.

We can't send mass emails to everyone in the database when using the data breach notification.
Wondering what the best solutions might be.

A setting where you can input the number of emails per hour and work with cron jobs?

There's still a problem with it being flagged as spam.

When searching the "Requests Table" for an email that does not exist, nothing happens. We should add a message saying "No account found for [email protected]" or something along those lines.

Sites that have caching enabled causes preference updates to be ignored until cache is purged.

Rather than leave this empty by default, WordPress has the admin_email option, which is designated as the catch-all for contact to the site itself.

I think it's safe to use that email address if no other override address is set.

Is there a way to change the default labels of buttons created with the forms generated by the shortcode? For example, there is a text="Custom label" option for the shortcode that outputs the privacy center button, so is there some way to pass custom button label to the rest of the shortcodes?

I would be grateful for any guidance!

I installed this plugin in my local development environment to test it out for something else but coincidentally it conflicts with the plugin I develop (Post to Google My Business).

Whenever I create a new Google post through my plugin, it will start endlessly looping the same request to my API (and they get through to the API, but the local dev WordPress is stuck on a white screen, loading). I thought I had made a mistake somewhere in my development version, but then remembered I had installed this plugin and that it tracks outgoing requests from the server and figured it might be related. On the Telemetry tab I found 23 pages of errors like this:

`

Disabling the GDPR plugin fixed the issue with my plugin.

Is there something I need to change to my plugin to make it work with yours properly?

Here's the code i use for sending a post request to my API:

`
protected function do_post($endpoint, $args = array(), $json = false, $method = 'POST'){
$query_args['apiKey'] = $this->site_key;
$query_args['token'] = $this->token;
$url = add_query_arg($query_args, self::API_URL.$endpoint);

		$response = wp_remote_post($url, 
			array(
				'method' 	=> $method,
				'headers'	=> $json ? array('Content-Type' => 'application/json') : null,
				'body' 		=> $json ? json_encode($args) : $args
			)
		);

		if(is_wp_error($response)){
			$error_message = $response->get_error_message();
			set_transient('mbp_api_error', $error_message, self::ERROR_DURATION);				
		}else{
			$data = json_decode($response['body']);
			if(!isset($data->error)){					
				return $data;
			}else{
				if(is_object($data->error)){
					$error_message = nl2br($this->format_google_error($data));

				}else{
					$error_message = (string)$data->error;
				}
				
				set_transient('mbp_api_error', $error_message, self::ERROR_DURATION);
			}
		}				
	}

`

Hello,

the plugin is working fine butI have a small issue/question.
I use a security plugin that hide the standard administration path /wp-admin , /wp-login.php.
When I use the GDPR plugin and a user accept the consent or make a change on the cookies configuration the path website-address.xxx/wp-admin/admin-post.php is called.
Can I make something to change this so that I can keep the security config?

Thanks in advance

Seem to have a formatting issue currently....

Great to have a placeholder here. We should agree about what text goes there by default, and consider making this an external API call to somewhere it can be updated remotely.

From: darkmoonxarx

One of the challenges of GDPR is YouTube, facebook and instagram embeds, because they save cookies from external sources. In some cases a general “I understand” click at the beginning doesn’t suffice. So how about if your plugin could detect iframes and oEmbeds, replace them with a thumbnail with some legal info and don’t load them until they are clicked.
This is a plugin that does this with YouTube links: https://github.com/michaelzangl/wp-video-embed-privacy
Your plugin could go one step further and save the consent, so the user only has to click once. Also functionality for all oEmbeds, iFrames and potentially a shortcode to hide any type of content until permission is given would be awesome.

Maybe consider prettier admin notices, though this definitely gets the point across!

The string "Privacy Policy" on the pages Settings>Consent and account profile cannot be changed to other languages (within Loco Translate and translate.wordpress.org).

When you first install the plugin you get a message that says "You must select a Privacy Policy Page.". It would be helpful to include a link to the setting page where you can set this.

Hello,
I installed the plugin and it seams to work fine.
My question is following.
I create for the cookies a category "Performance" (always active = OFF) adding the names of the google analytics cookies separated by comma. ( _ga, gat, gid )
When I go to the page and change the setting of this cookies to on or off my browser cookies inspector still show that the cookies are loading...
Is this correct or should the cookies not load when the user deactivate them?
Is my configuration correctly with the cookie names? Or should I make some other configuration on the administration page?

Thanks for an answer.

Some cookies append a hash or an ID to the end of it. WordPress itself does this.

comment_author_{HASH}
comment_author_email_{HASH}
comment_author_url_{HASH}

It should look like comment_author* when registering and the plugin would look for plugins %LIKE% that and block or allow them.

If this just needs to be an email address, versus any other information, should we indicate that?

I'd like to see settings be settings, and use the settings API, and have "Consents" be its own screen where different consents can be managed directly.

(If I'm understanding the flow correctly.)