GDPR option

SupportGDPR option
j.c._de_vlaming Staff asked 6 years ago
Hey, There seems to be a problem with the 'responsive' layout of the GDPR related checkboxes? Also, with the last update there doesn't seem to be an option to control the data retention (which would be really helpfull). As a final two small usability inducing tips:
  • For the 'select-navigate-to' boxes, add an auto-complete option with your current pages (should be retainable from wp itself)
  • Add the saved data to the wp-personal information cache, this is one of the newest options added to WordPress to make data-controll easy. (there is a fast option for deleting/editing the data if nesseccary.
again, thanks in advance
4 Answers
j.c._de_vlaming Staff answered 6 years ago
It seems like the image is corrupted, so here is another attempt (too bad you cannot edit anything btw)
j.c._de_vlaming Staff replied 6 years ago

It seems like this is a bug of the forum itself? I used a Base64 image to embed it in the post (as the buildin image takes a hosted image rather than an uploaded).
Basically when entering such an image you put something like:

Sadly this forum trims the ‘data:’ prefix from the image source, making it unrecognizable for the webbrowser. (e.g. it would make it look like:)

If you add the prefix yourself it will show the image again (though it will require you to go into developer/editor mode).

Nikola Loncar Staff answered 6 years ago
Hi, thanks for info it will be fixed. It is missing word wrap. Best regards, Nikola
j.c._de_vlaming Staff replied 6 years ago

That’ll do as well indeed 😀

Any information about the data-retetion control?

maella_caro Staff replied 6 years ago

Yes same questions. Is the plugin GRPD ready?
If yes how do you deal with this major option?

Thanks

Nikola Loncar Staff replied 6 years ago

All client data is stored within Appointments. By managing Appointments you can control the data of users. There is no centric storage of customers inside plugin.

Best regards,
Nikola

j.c._de_vlaming Staff replied 6 years ago

That’s what we found out indeed. Though in order to make things GDPR ready there needs to be extended control over client data.

Since the plugin only needs an appointment-id, the time-data and at most a valid email addres to make all the synchronization/logic work, there should be an option to control the retention of the remaining data (e.g. name, phone number, any custom fields etc.).

I noticed that WordPress has published an API for personal data control, maybe it is an option to hook into that system? Otherwise, the instalment of a cron-job, which removes additional/extra data would suffice the requirements IMO. (setting it to 5 min. vs. every weekend is a personal option in that case).

I would love to hear your thoughts about this!
Regards,

Nikola Loncar Staff replied 6 years ago

Hi, you want to remove other information from custom fields? Data from customers is inside Appointments, so maybe adding more convenient way of handling that data by filtering via email, exporting, altering etc.

Best regards,
NIkola

j.c._de_vlaming Staff replied 6 years ago

I don’t think the email/export is the problem (as we can control what will be send already). The main problem is the data retention by EA itself.

Basically there are multiple types of data which should be handled in different ways. There is non-personal data (which may be used by everyone).
Than there is personal data where the GDPR is in effect.

By law there is a set retention-time for each specific personal-data type which we have to comply with. For personal data that usually means that we either need to ask for permanent storage, or have a data-retetion policy in place (which is the main request here!!).

To make this feature totally complete we should note that different personal-data requires different retention times. For transaction-related data for example the usual retention-time is 7-10 years (for tax-control etc.), while for an email/phone number or (to make it interesting) medical information, the retention-time should be way shorter.

Maybe as an additional reason as to why this is important, personal-data should always be protected by certain standards (high level of encryption, double verification acces etc.). Since I don’t think the implementation of these standards are that easy to achieve, the first alternative is to add a retention mechanism (preferably with an auto-export option) so EA doesn’t hold the responsibility of data-retention safty.

Nikola Loncar Staff replied 6 years ago

You are right, export of data is and cleaning the old appointments make sense. Regarding data-retetion I have similar thing on site here. Every form that is submitted is kept for only 2 hours. So you would like to have option to select custom fields and interval when it will be removed?

Best regards,
Nikola

j.c._de_vlaming Staff replied 6 years ago

That would be verry helpfull indeed. If (optionally) old appointments can be cleared as well, this plugin would make the perfect planning app for me (technical wise, skinwise Im curious what additions will come in the near future 😉 ).

ps. If you need help with designing, feel free to ask btw.

Nikola Loncar Staff replied 6 years ago

Can you tell me what part of design are talking about. Any help is more then welcome 🙂

Best regards,
Nikola

j.c._de_vlaming Staff answered 5 years ago
Sorry to bump an old question, but is there any developments regarding data retention? (with the newer versions I have not seen any changes/options regarding automating that process)
Nikola Loncar Staff replied 5 years ago

Hi, you want to limit how long data are stored? Can you give some example how that should look like.

Best regards,
Nikola

j.c._de_vlaming Staff replied 5 years ago

As it may differ from implementation to implementation of what should be retained, I would add a choice of which data should be removed and how long after the last appointment.

For your app to function properly you need all the data fields, until the appointment date. After that your app doesn’t have any use for it anymore, so that should be time-0.

So I would imagine a configuration which gives the options to:
– never remove data
– remove data immediatly after the appointment
– at a given time after the appointment (say 1 day; 7 days; 3 weeks etc.)
– at a given point per day/week/month/year (every evening at 20:00; every monday at 8:00; every second thirsday of the month at 12:00 etc.)

So to give it a visual perspective there are multiple ways to achieve this. Fast solution would be to add a table with every type of selected data (email, appointment time, appointment booking time, custom fields etc.), after each type a column with retention rules (one of the mentioned above).

A more fancy solution would be to add a table which contains data-groups. Each group contains the data types, and a retention rule (one of the mentioned above).

If you have questions regarding the example described above, feel free to ask

(ps. with a table I mean the data-structure, feel free to be creative with the visual stuff 😛 ).

j.c._de_vlaming Staff answered 5 years ago
Sorry for bumping this question again, but might it be that no notification is send when replying to a reply? As I haven't had a reaction for a while again now. (kinda wondering why you are not using something like gitlab for this, as it makes things easier for both parties). Anyways, would love to hear your reaction to the problem stated above
Nikola Loncar Staff replied 5 years ago

Hi,

that is in plan to add. For example on EA demo pages there is cron that deletes appointments data after 15 minutes. I have one question or suggestion. That will be to have that action trigged by admin user. Something like delete appointments data older than , ,… etc.
If you want to have thing that you suggest that will require cron execution and deletion without user knowing.

Best regards,
Nikola