GDPR

From PeepSo Docs

GDPR Compliance

The very gist is: your users have the right to see what information you gather about them on your site. They have the right to download the information you keep, as well as the right to delete that information and their profiles. All that and more has been debated by the European Union for about 4 years, and it will be enforced from May 25th 2018.

When is the GDPR coming into effect?

The GDPR was approved and adopted by the EU Parliament in April 2016. The regulation takes effect after a two-year transition period and, unlike a Directive, it does not require any enabling legislation to be passed by governments, meaning it will be in force in May 2018.

Who does the GDPR affect?

The GDPR not only applies to organisations located within the EU; it also applies to organisations located outside the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company's location.

What are the penalties for non-compliance?

Organizations can be fined up to 4% of annual global turnover or €20 million for breaching the GDPR. This is the maximum fine that can be imposed for the most serious infringements, e.g. not having sufficient customer consent to process data or violating the core Privacy by Design concepts. There is a tiered approach to fines: for example, a company can be fined 2% for not having its records in order (article 28), for not notifying the supervising authority and the data subject about a breach, or for not conducting an impact assessment. It is important to note that these rules apply to both controllers and processors, meaning 'clouds' will not be exempt from GDPR enforcement.

How does GDPR work on a PeepSo site?

First and foremost, as you know very well, everyone using PeepSo can not only add content but also modify and delete it, so that part is covered out of the box. The same goes for profile deletion. On top of that, users could already choose which emails they want to receive. What information is included in the download depends solely on the plugins you have installed: quite obviously, if you don't have the Photos plugin installed and activated, no photos will be downloaded, and the same applies if users haven't uploaded any photos.

Downloading Userdata

The process starts with a request that users can make from within their profile: Profile > About > Account. At the bottom they have the option to start archive creation.

Peepso Docs - Export Download GDPR Data.png

After clicking that, the request is recorded in the system. You can find requests in the backend under PeepSo > Request Data. The status Ready means the data is ready to be processed and is awaiting the cron job; the status Success means the data is ready to be downloaded.

Peepso Docs - Admin Request Data.png

After the cron job has executed successfully, the user gets an email notification that the data archive is ready to download. Please note that this is our own template; you can easily modify your email templates in the backend. The text of the notification can be modified under backend > PeepSo > Configuration > Emails.

Peepso Docs - Gdpr Email.png

Users are then taken to Profile > Account, where the download is waiting.

Peepso Docs - Download GDPR.png

Setting Up Cron job

To keep the strain on your server as low as possible, we've decided to run user data archive creation from a cron job. You can easily set one up with your hosting provider or a third-party cron job service. Just use the following command:

wget https://www.yourdomain.com/?peepso_gdpr_export_data_event

Running it every 5 minutes should be fine; the timing is up to you, of course. You might also want to ask your hosting provider about best practices for cron jobs.
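As an added example (not PeepSo's own code), the POSIX shell script below installs the trigger above into the server's crontab every 5 minutes: it accepts only https URLs, discards the response body so wget does not save a file on every run, bounds the request time, and skips installation when an entry is already present. The site URL is a placeholder to replace; the wget flags are additions to the plain command shown above.

```shell
#!/bin/sh
# Added example: install the PeepSo GDPR export cron entry idempotently.
# Assumes the site URL below (placeholder, replace it) and the current
# user's crontab. Not part of PeepSo; only the endpoint query string
# (peepso_gdpr_export_data_event) comes from the docs above.

SITE_URL="${SITE_URL:-https://www.yourdomain.com}"   # placeholder
ENDPOINT="peepso_gdpr_export_data_event"

# Build the crontab line. Refuses plain-http URLs so the trigger is not
# sent in the clear, discards the response body (wget would otherwise save
# a file named "index.html?peepso_gdpr_export_data_event" on each run),
# and bounds the request so a stalled site cannot pile up hanging wgets.
peepso_cron_line() {
  url="$1"
  case "$url" in
    https://*) ;;
    *) echo "refusing non-https URL: $url" >&2; return 1 ;;
  esac
  printf '*/5 * * * * wget -q -O /dev/null --timeout=60 --tries=1 "%s/?%s"\n' \
    "$url" "$ENDPOINT"
}

# Append the line only if no entry for the endpoint exists yet, so that
# re-running the script does not create duplicate triggers.
peepso_install_cron() {
  line=$(peepso_cron_line "$1") || return 1
  current=$(crontab -l 2>/dev/null || true)
  if printf '%s\n' "$current" | grep -qF "$ENDPOINT"; then
    echo "cron entry already present"
    return 0
  fi
  printf '%s\n%s\n' "$current" "$line" | crontab -
}
```

Run `peepso_install_cron "$SITE_URL"` on the host to install the entry; run it again and it reports the entry as already present.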

Peepso Docs - GDPR Cronjob.png