Our plugins and GDPR

Like many other companies our focus right now is to prepare for GDPR which becomes enforceable on 25 May 2018. With this post we want to inform you as user of our plugins what we are working on, what changes are coming and what commitment we have as plugin developer towards you as user of the plugin.

New setting for integrity policy in WordPress

WordPress version 4.9.6 is set for release 17th May 2018. In the new version a new setting for integrity policy is introduced. The new feature makes it easier for you to add information regarding integrity on your website.

In the new function there is the possibility for installed plugins to add info to the integrity policy on how the specific plugin processes personal data. Our plugins will from 25th May support this feature and by that inform which data is sent between the web shop and payment system.

New setting for integrity policy in WooCommerce

WooCommerce is also working on a new version which will make it easier for you to comply with GDPR. WooCommerce version 3.4.0 is set to release 23rd May. In the new version it’s possible to add a short text about the web shops integrity policy which will be displayed next to the buy button on the checkout page.

Since we mainly work with embedded checkouts, where the buy button is located in the actual iframe (which the payment provider provides), this part of the checkout is normally not displayed. Our iframe based payment gateways will however have support to show this text on the checkout page by 25th May.

Features for exporting, deleting and anonymizing personal data

From version 4.9.6 WordPress will support exporting, deleting and anonymizing of personal data. Plugins like WooCommerce have, via different action filters, the possibility to add info regarding what customer data that is saved and make it possible to export, erase and anonymize this data. The data that Krokedils plugins processes is saved as regular customer data in the order and will therefore be a part of the data handled in the new feature offered by WooCommerce from version 3.4.0.

WooCommerce also introduces settings for how long orders and inactive accounts are to be stored before they are deleted automatically.

No data processing agreement with Krokedil

If you are wondering whether or not you need a data processing agreement with Krokedil when using our plugin in your web shop the answer is no. The plugin is installed in your web shop on servers you are responsible for. Krokedil never has access to data sent between your web shop and the payment provider.

Conclusion

To sum up this (hopefully) informativ and (probably) stiff article; this is what we’re working on and will have ready by 25th May:

• We add functions in our plugins that will add info via the hook wp_add_privacy_policy_content which can be used in you integrity policy.
• We add support for showing the short version of your integrity policy on your checkout page, since this is not automatically shown on the embedded checkout pages.

Good luck preparing for GDPR 🙂