As a responsible community administrator you must be aware of the GDPR law that will be enforced starting from May 25th 2018. This upgrade is not optional. It’s a MUST. It’s being forced by the EU law, and no, it doesn’t matter if you live in the USA or Canada. More on that in a moment, but first make sure to read the upgrade notes carefully.
Upgrades
For a quick and hassle-free upgrade:
1. Go to the backend of your site > Dashboard > Updates (go here, instead of > Dashboard > Plugins, trust me)
2. Select all PeepSo plugins that need to be updated
3. Click “Update Plugins” (note: this will deactivate all of the add-on plugins; don’t worry, they’ll come right back on during Step 6, promise!)
4. Update PeepSo Core
5. Go to the backend > Plugins
6. Reactivate all PeepSo plugins
The whole operation doesn’t take more than 3 minutes. Should you have any issues or questions, please do contact us. ALSO IMPORTANT. We release all plugins at the same time. Sometimes, it can take some time for all available updates to show in the backend of your site. If some plugins’ updates don’t show, wait. Just Wait. Don’t upgrade just some of them. Drink some coffee and wait. Your site needs to catch up to show them all. If you feel like it’s taking too long, contact us. We’re here to help!
Alternatively, if you feel you can’t take the wait, you can go to your account, download the latest versions and do the following: Back up everything. Deactivate all PeepSo plugins from your site. Install the new versions from the zip files, just like on the first installation.
GDPR Compliance
Let me be perfectly clear about this. Upgrading to the latest 1.10.0 is NOT OPTIONAL. It’s a MUST. The very gist is: your users have the right to see what information is gathered by you on your site. They have the right to download the information you keep as well as the right to delete the information and their profiles. All that and more has been debated by the European Union for about 4 years and it is going to be enforced on May 25th 2018. Just a few weeks from now.
Let me quote a few questions from a FAQ that can be found on the official GDPR website. I’ll link to it below.
When is the GDPR coming into effect?
The GDPR was approved and adopted by the EU Parliament in April 2016. The regulation will take effect after a two-year transition period and, unlike a Directive it does not require any enabling legislation to be passed by government; meaning it will be in force May 2018.
Who does the GDPR affect?
The GDPR not only applies to organizations located within the EU but it will also apply to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.
What are the penalties for non-compliance?
Organizations can be fined up to 4% of annual global turnover for breaching GDPR or €20 Million. This is the maximum fine that can be imposed for the most serious infringements e.g. not having sufficient customer consent to process data or violating the core of Privacy by Design concepts. There is a tiered approach to fines e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach or not conducting impact assessment. It is important to note that these rules apply to both controllers and processors — meaning ‘clouds’ will not be exempt from GDPR enforcement.
Full FAQ can be found here.
To sum it up in simple terms. If you have any visitors and / or members who are EU citizens you have 2 choices: One: Upgrade and sleep well at night knowing all is taken care of. Two: ignore the upgrade and the must-have features of this release and risk being fined. In the light of recent Facebook scandals, I strongly believe that this is the way to go. We pride ourselves in giving you and your users a safe space where people can feel free from the eyes of the big brother. This set of features is definitely the way to do it.
How Does It Work?
First and foremost, as you know very well, everyone who’s using PeepSo can not only add content but also modify and delete it. We’ve got you covered here out of the box. Same goes for profile deletion. On top of that, we already had the options for deciding what emails users want to get as well. That’s all nicely done. With this release we added the possibility for the members to download their profile information.
What information will be downloaded depends solely on the plugins you have installed. Quite obviously, if you don’t have the Photos plugin installed and activated, no photos will be downloaded. The same applies if users haven’t uploaded any photos. I think you get the point.
Downloading User Data
It starts with a request that users can make from within their profiles: Profile > About > Account. At the bottom, they’ll have the option to start an archive creation.
After clicking that, the request gets recorded in the system. You can find requests on the backend > PeepSo > Request Data page. The status of Success means the data is ready to be downloaded. The status of Ready means the data is ready to be processed and is awaiting the cron to execute.
After the cron has successfully executed, the user will get an email notification about the data archive being ready to download. Please note that this is our own template. You can, of course, easily modify your email templates in the backend; the text of the email notification can be modified in backend > PeepSo > Configuration > Emails.
Then, of course, users get taken to Profile > Account, where the download is waiting.
Cron Job
To keep the strain on your server as low as possible, we’ve decided to run user data archive creation with a cron job. You can easily set one up with your hosting or a 3rd party cron job service. Just use the following:
wget -q -O /dev/null "https://www.yourdomain.com/?peepso_gdpr_export_data_event"
It can run every 5 minutes and it should be fine. The timing is up to you, of course. You might want to contact your hosting for best cron practices too.
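A cron wrapper for the trigger URL above, added here as an example (not PeepSo’s own code): it stops overlapping runs, discards the response body and logs failures. The script path, LOCK_DIR and LOG_FILE are assumptions, and the domain is the placeholder used in this post.

```sh
#!/bin/sh
# Added example, not part of PeepSo. Paths below are assumptions; the URL
# uses the placeholder domain from the post.
EXPORT_URL="${EXPORT_URL:-https://www.yourdomain.com/?peepso_gdpr_export_data_event}"
LOCK_DIR="${LOCK_DIR:-/tmp/peepso-gdpr-export.lock}"
LOG_FILE="${LOG_FILE:-/tmp/peepso-gdpr-export.log}"

# Fetch the trigger URL. The URL is quoted so the shell never treats "?" as
# a glob, the body goes to /dev/null so no index.html copies pile up, and
# the request is bounded to one attempt with a 60 second timeout.
fetch_trigger() {
    wget -q -O /dev/null --timeout=60 --tries=1 "$1"
}

# Run one export pass.
# Returns 0 on success, 1 if the fetch failed, 2 if a previous run is active.
run_export() {
    # mkdir is atomic, so the directory works as a portable lock.
    # A run killed mid-fetch leaves it behind; remove it by hand in that case.
    if ! mkdir "$LOCK_DIR" 2>/dev/null; then
        echo "$(date -u +%Y-%m-%dT%H:%M:%SZ) skipped: previous run still active" >>"$LOG_FILE"
        return 2
    fi
    if fetch_trigger "$EXPORT_URL"; then
        result=0
    else
        echo "$(date -u +%Y-%m-%dT%H:%M:%SZ) export trigger failed" >>"$LOG_FILE"
        result=1
    fi
    rmdir "$LOCK_DIR"
    return "$result"
}

# Only act when called with --run, so the functions can be sourced safely.
# crontab entry (every 5 minutes, as suggested above; path is an assumption):
# */5 * * * * /usr/local/bin/peepso-gdpr-export.sh --run
if [ "${1:-}" = "--run" ]; then
    run_export
    exit $?
fi
```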
Already Lined Up GDPR Improvements
Although it’s still officially marked as a Beta, it is fully functional. The downloaded archive contains .json files that are easily machine-readable. That’s one of the GDPR must-haves. Even though .json files can be easily opened with pretty much any text editor, even a browser, in the upcoming 2 or 3 versions we’ll also improve the archive to contain the more human-friendly html files.
Same goes for handling the archives: we’ll add a solution for removing old archives to make sure your server gets cleaned up, as well as a possibility for users to remove the archives themselves. All that plus a couple more that we already have lined up for the 1.10.1 and 1.10.2 releases.
Other Improvements and Fixes
PeepSo UserBar widget has been given the option to display user dropdown menu so you can place it anywhere on the site. Depending on your theme you can even add it to a ‘sticky’ top position. That combined with the possibility to hide the native PeepSo navigation – which is also new and included in this version – gives very powerful UX/UI options. See our full changelog for the list of changes in this version.