GDPR Compliance

[raamdev]

There are a few things that need to be done to make Comment Mail GDPR-compliant. This GitHub issue exists to track the requirements and any associated discussion.

---

Here's a quick summary of items that likely affect Comment Mail:

Three elements of this: Right to Access, Right to Be Forgotten and Data Portability.

• The right to access provides users with complete transparency in data processing and storage – what data points are being collected, where are these data points being processed and stored, and the reason behind the collection, processing and storage of the data. Users will also have to be provided a copy of their data free of cost within 40 days.
• The right to be forgotten gives users an option to erase personal data, and stop further collection and processing of the data. This process involves the user withdrawing consent for their personal data to be used.
• The data portability clause of the GDPR provides users a right to download their personal data, for which they have previously given consent, and further transmit that data to a different controller.

---

• [ ] An option that allows a site owner to enable GDPR-compliant settings in the plugin
• [ ] GDPR Enabled: All subscriptions should be opt-in only and it should not be possible to opt visitors into subscriptions by default (visitors should be required to click a checkbox to indicate they want to opt-in to the subscription when GDPR is enabled).
• [ ] GDPR Enabled: Comment Mail-related emails should have a link that allows subscribers to erase all data related to their email address.
• [ ] GDPR Enabled: Comment Mail-related emails should have a link that allows subscribers to view/download all subscription data related to their email address.
• [ ] GDPR Enabled: Checkbox on comment form that asks commenters to agree to a privacy policy (see this comment)

[mundschenk-at]

There should be admin involvement in total deletions (or at least there has to be a log of the deletion) so that you can prove a user had previously opted in before deleting all their data. Otherewise you'd have a problem that you didn't send unsolicited mails to those users.

[mundschenk-at]

@raamdev Any news on this?

[wyse92]

Well, no news about update, GDPR is starting tomorrow, and less one day for testing, this is a problem...

[mundschenk-at]

@clavaque Will you be working on Comment Mail (Pro) again or is this plugin officially dead?

[mundschenk-at]

@raamdev @clavaque Is anyone still working on this project?

[raamdev]

@mundschenk-at I'm no longer working on this project, but @clavaque has taken it over so I'll leave it up to him to share his plans for it / current status.

[mundschenk-at]

@mundschenk-at I'm no longer working on this project, but @clavaque has taken it over so I'll leave it up to him to share his plans for it / current status.

Unfortunately @clavaque does not seem to care and does not answer support emails either.