The General Data Protection Regulation (GDPR) is a privacy and security law that was drafted and passed by the European Union (EU). It imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The regulation was put into effect on May 25, 2018.
GDPR is a complex subject for everyone. This document will provide clarification on how Business Directory Plugin users are affected by the GDPR and how the plugin handles the data according to the policy.
First, Business Directory Plugin is neither a data processor nor a data controller, and we do not store or handle any personally identifiable information for your site on our servers. That said, Business Directory Plugin captures data you control on your site, putting you on the hook for GDPR requests from your users.
WordPress provides some GDPR hooks for users who request the “right to be forgotten,” and Business Directory Plugin uses those hooks to integrate with the GDPR features that WordPress provides.
When a user requests a GDPR export from the site admin, Business Directory Plugin includes the following WP information from our listings, where it applies:
- Listings owned by the user. By default, the following listing fields are included (currently forced to be included when exported), according to their associated theme tags:
  - Title
  - Website
  - Phone
  - Fax
  - Address
  - Zip
  - Other fields can be included by setting the “This field contains sensitive or private information?” option when editing the field.
- Additional information:
  - Listing images
  - Listing attachments
- Payments made by user:
  - Payment Transaction ID
  - Payer email
- Ratings made by user:
  - Rating ID
  - Rating Author
  - Rating Author Email
  - Rating Author IP
  - Rating Date
  - Rating Value
  - Rating Content
  - Rated Listing (URL)
When users request data erasure, all of the data listed above is removed: listings and their data (post metadata), as well as payments and ratings, are removed from the database, and media and attachment files are removed from the server folders.
PLEASE NOTE: If you have BACKUPS of your data, this removal in WP will not affect them in any way. You will need to remove any backups that contain this data as well to complete your GDPR request.
More information about the WordPress hooks can be found below. If you are building a custom plugin that works with Business Directory Plugin, it should integrate with these hooks to be GDPR compliant:
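For a custom add-on that stores its own personal data on listings, registering with the WordPress privacy exporter and eraser filters can look like the following. This is an added example, not Business Directory Plugin's own code; the `myaddon_*` names, the `_myaddon_contact_email` meta key and the `wpbdp_listing` post type are assumptions.

```php
<?php
// Added example: hypothetical add-on keeping a contact e-mail in listing post meta.
// Assumed names: myaddon_*, '_myaddon_contact_email', post type 'wpbdp_listing'.
add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
    $exporters['myaddon'] = array( 'exporter_friendly_name' => 'My Add-on', 'callback' => 'myaddon_export' );
    return $exporters;
} );
add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
    $erasers['myaddon'] = array( 'eraser_friendly_name' => 'My Add-on', 'callback' => 'myaddon_erase' );
    return $erasers;
} );

// Up to 20 listings per page whose add-on meta equals the requester's e-mail.
function myaddon_find_listings( $email, $page ) {
    return get_posts( array(
        'post_type'      => 'wpbdp_listing', 'post_status' => 'any',
        'posts_per_page' => 20, 'paged' => max( 1, (int) $page ),
        'orderby'        => 'ID', 'order' => 'ASC',
        'meta_key'       => '_myaddon_contact_email', 'meta_value' => $email,
    ) );
}

function myaddon_export( $email, $page = 1 ) {
    $posts = myaddon_find_listings( $email, $page );
    $items = array();
    foreach ( $posts as $post ) {
        $items[] = array(
            'group_id' => 'myaddon', 'group_label' => 'My Add-on contact data',
            'item_id'  => 'myaddon-' . $post->ID,
            'data'     => array(
                array( 'name' => 'Listing', 'value' => get_permalink( $post ) ),
                array( 'name' => 'Contact email', 'value' => $email ),
            ),
        );
    }
    // WordPress calls again with the next page until 'done' is true.
    return array( 'data' => $items, 'done' => count( $posts ) < 20 );
}

function myaddon_erase( $email, $page = 1 ) {
    // Always query page 1: erased rows leave the result set, so paging would skip
    // matches. A failed delete ends the run so the same rows are not retried forever.
    $posts   = myaddon_find_listings( $email, 1 );
    $removed = $retained = false;
    foreach ( $posts as $post ) {
        if ( delete_post_meta( $post->ID, '_myaddon_contact_email' ) ) { $removed = true; } else { $retained = true; }
    }
    $messages = $retained ? array( 'Some add-on contact data could not be removed.' ) : array();
    return array( 'items_removed' => $removed, 'items_retained' => $retained,
        'messages' => $messages, 'done' => $retained || count( $posts ) < 20 );
}
```

Data registered this way appears in the export and erasure tools under Tools in the WordPress admin, next to the data Business Directory Plugin already handles.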