Three plugins for data protection compliance

The General Data Protection Regulation (GDPR) is an EU law that regulates the data protection of users in the European Union and also affects blogs, forums and online communities.

When a person registers on a website, they can do so using an alias or with their real name and surname. In addition, they often have to enter an email address to validate their user account and to receive future notifications. In order to prevent criminal behaviour, or to be able to identify the perpetrator, the IP addresses of visitors and users are also often logged. As we can see, there is a lot of personal data that we can store about the users who visit our online community and we have a legal obligation to protect it. In addition, we must also be aware of the rights that users have and be guarantors of their compliance.

Spanish legislation recognises, among others, the ARCO rights (Access, Rectification, Cancellation and Opposition) or, in other words, the rights that individuals can exercise over their personal data. Users have the right to access the data they have provided us with. They also have the right to rectify or correct any data that they consider to be erroneous. Cancellation implies the possibility of requesting the deletion of their personal data from our databases. In addition, they can object to the processing of their personal data, so during registration there must be an express and informed consent on the processing that will be made of the stored data.

In this article we offer you three add-ons that can help you comply with the General Data Protection Regulation.

'GDPR: Pseudo Username' by SoftCreatR

This plugin allows you to generate a random username for those users who decide to delete their account and who do not want their contributions to be associated with their nickname. In this way, those who use a first name or a recognisable username can anonymise their contributions when deleting their account. When a user asks for their contributions to be anonymised, using this plugin we can automatically assign them a new username using a list of adjectives and words resulting in a new user such as ‘RatonColorado534’.

Many administrators are faced with a request to remove a user's content when the user decides to leave an online community. In this regard, it should be noted that the General Data Protection Regulation does not require the removal of content (threads, posts, ...) published by users, as long as it does not contain personal data. And on many occasions, the elimination of this content can mean leaving a lot of topics in our forum orphaned or without a thread, as it will only be possible to read replies to messages that no longer exist. Therefore, offering to anonymise content, without the possibility of linking it to a real name or alias, can be a good solution for both parties.

In any case, this is a decision for each website and it is up to the website administration to decide what to do when a person requests the removal of their content, always giving a response in accordance with current legislation.

This is a paid plugin and is available from the WoltLab Plugin Store and the developer's own website.

'GDPR Data Export Frontend' by SoftCreatR

Article 20 of the GDPR/GPDR recognises the right to data portability. Thus, data controllers, i.e. website owners and administrators, are obliged to provide users with a structured, machine-readable copy of stored personal data upon request. WoltLab Suite Core currently has an option in the Administration Panel to export personal data, so that a copy can be sent to anyone who requests it via email.

This plugin allows users to export their personal data from their own user account, thus offering a more agile and transparent solution to the legal requirement imposed by the European standard.

This is a paid plugin and is available from the WoltLab Plugin Store and the developer's own website.

'Consent for advertising / paid subscriptions' by Darkwood.Design

Surely you have seen more than once those ads that offer you to pay a subscription in exchange for not seeing advertising on the web or reject third party cookies. This plugin allows you to display a similar ad in your community fully compliant with the GDPR, according to its author. This is known as the ‘consent or pay’ model.

This add-on disables advertisements and external scripts until the user gives consent. It works through WoltLab Suite Core's default paid subscriptions, although it also has its own solutions based on user groups, and the text displayed to users is fully customisable and adaptable to each website.

This is a paid plugin and is available from the WoltLab Plugin Store and the developer's own website.


If you are hesitating about where to buy the plugins we recommend, you should know that usually the developers' websites offer a cheaper price than the WoltLab Plugin Store, although if you are a WoltLab Cloud customer you will have to buy them from the WoltLab shop.

Comments