General Data Protection Regulation (GDPR) is European Union law on data protection and privacy for all individuals within the European Union. We’ve assembled a brief guide on what sort of information you might need to add to your privacy policy to comply with GDPR when using our plugins.
Disclaimer: this post is by no means legal advice. If unsure, please seek professional consultation.
What is GDPR?
The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU).
Read the full definition on Wikipedia.
Does GDPR Affect Me and My Website?
If your company is based in the European Union (EU), or you do business with EU citizens, the GDPR does affect you and your website so you need to comply. With that said, it would be a good idea to comply with the regulations regardless, as it’s possible countries outside of the EU will implement similar legislation in the future.
WP Review Slider Pro Plugin
The main concern with the WP Review Slider plugin is the storing and displaying of personally identifiable information. The plugin downloads the review text, the reviewers name (or username), date, star rating, and user avatar (only if caching is turned on) of each review and stores it on your server in your WordPress database.
For Downloaded Reviews: Even though the reviews are downloaded (and stored in your database) from publicly available websites, the person submitting the review may or may not have given other websites permission to use the review. It would depend on the original sites terms and conditions. If you have to comply with GDPR you may want to use the options in the plugin to not download the last name or at least set it to initial only. You may also want to turn off caching user avatars and maybe even hide them on the review template. When you turn on avatar caching the plugin downloads the image to your server. Leave it off and it is just a link to the original source, which is better for GDPR. Whatever options you use, you will need to specify exactly what information you store in your database and how you use that information in your privacy policy.
For User Submitted Reviews: When using the front end submission form, you’ll want to enable the “Consent” check box and make it a required field. The field description should say something like “Please consent to have your information being stored on our server and displayed on our site as per our privacy policy.” If you’re going to use the review in any other way (print ads, etc..) then you’ll also want to add that. It would also be a good idea to link to your complete privacy policy from the text for that field.
Remember it is up to each site to understand and comply with GDPR if needed.