GDPR Support

[danieliser]

Based on my own guide so far: https://danieliser.com/practical-guide-to-gdpr-compliance-for-wordpress-plugin-and-theme-developers/

• [x] Detect if GDPR plugin/functionality is active. If so enable by default, if not add a setting in PM -> Settings to enable manually.
• [x] Privacy policy guide text addd.
• [x] Checkbox added to subscription forms.
• [x] List all data stored on user from PM (subscription form submissions).
• [x] Methods to clean subscription data.
• [x] Notifications of what we use data for, cookies etc: https://github.com/easydigitaldownloads/easy-digital-downloads/issues/6530
• [x] Anonymize user data: https://github.com/easydigitaldownloads/easy-digital-downloads/issues/6502
• [ ] Add cron job to check for un-erased data, retest and delete it properly. Update notice for such occasions.
• [ ] Look at adding support for 3rd party cookie consent plugins.
  • https://www.cookiebot.com/en/help/

[fpcorso]

@danieliser It appears there are two items left unchecked for this. Do you think we should still support 3rd party cookie consent plugins?

Also, do you think we should still build out the cron job system?

[danieliser]

@fpcorso Actually I do think the cron is needed. I have found a few sites where the erasure request routines were not finding all results or would fail to delete ours among the rest.

1. We need to retest the normal erasure routine, ensure that we are getting it all from subscribers table.
2. We could to schedule an async cleanup action to ensure that data is in fact gone.

What I think happens is that the process can time out if a lot of processes are taking place during that erasure. When that happens if we scheduled a cron with that users email etc, we can call for an async cleanup at the first opportunity.

[danieliser]

For cookie consent, againi would love to do this out of the box, but there are quite a few and they all do things differently. Only one that I've found truly blocks cookies.