A question I have been asked a few times is around plugins for GDPR.
As Joomla/Laravel/WordPress specialists, it would be great if you could provide a list of recommended plugins to help manage GDPR compliance?
Opt in to compliance
First, to cover the groundwork: no plugin makes you GDPR compliant on its own. Compliance is a process that covers a few areas and the way you handle customers' personal data company-wide.
That said, some plugins do a good job of ticking some of the tasks off the compliance list. It is a new and changing space, though, so keep up to date and watch for updates.
Our recommendation and practice so far in consultations is to start by abstracting as much of the user process and consent as possible, to allow for security and change. We start with a JavaScript option and get the list of third-party and personal data sources on the front of the website managed and under control. We then work backwards from the user data in your database, out through the code, to connect and manage that data and join the services in the middle.
"What gets measured gets managed"
JavaScript Cookie GDPR packages
CookieBot Crawls your website at regular intervals to keep the list of cookies updated for you. The cookies are categorised, and you can control which are pre-ticked in the popup, where all are listed. As CookieBot scans your website at regular intervals, you may find you have added more than 100 pages and need to move to a paid level, so watch for the email if you have a smaller site.
CookieConsent by Insites Simple popup with some code-configurable options. If you need to tie in other services whose cookies must not load beforehand, you can nest them in the code check.
Cookie Control by Civic Has a nice, big, clear message popup that comes with a little triangle tag on the corner of each page. The JS and docs are clear on adding and removing different cookies. You do need to specify each one, unlike, say, CookieBot.
GDPR Cookie Law A jQuery plugin that allows a lightweight notice to pop up and be styled.
Does your business website have a GDPR process that you still have questions about?
We can advise you on the steps to production with our done-for-you GDPR website upgrade service.
Laravel GDPR Plugins
We have not seen anyone offering off-the-shelf plugins here yet that cover the same range the CMS ones do. We do this sort of work custom for our clients, because Laravel applications do not all share the same structure the way an installed CMS does.
Talking to Andrew of gdprplug.in suggested to me that some of the code backing his WordPress plugin is built in Laravel, so maybe, if there is enough of a common approach in the future, we will see one extended to offer features.
Laravel GDPR export user data Some traits to add to the model object so it is easier to set up export of data for Right to Portability.
spatie/laravel-personal-data-export as Zip Makes it easy for a user to download an export containing all their personal data.
Laravel Cookie Consent This is another package from the prolific Spatie agency, which publishes many open source packages. They started it as a cookie law plugin, but it can be integrated into GDPR use in your Laravel app, with client-side and server-side changes possible.
Fork of laravel-gdpr adds data anonymisation This adds the ability to trigger anonymisation of set fields, either after a time period or on a trigger. As it is a fork of laravel-gdpr, you should not use the two together, and you should check the overlap.
Add to Monolog so it hashes email and IP Under GDPR, storage of IP addresses and private data should be tracked and limited in logs too. These processors replace the data with its SHA-1 equivalent, so you can still search the logs.
Middleware to block EU IPs Laravel middleware that blocks EU-based IP ranges. It is a rather drastic solution, but if you are outside the EU and need time to update an older app, you might need it.
GDPR Consent tracking Keeps track of consent events in a light package.
Right to be forgotten and test DB prep with Forget-DB from Owen Melbourne Helps you anonymise/pseudonymise data within your database to protect sensitive information (for example, if you want to copy a DB for testing and remove or change sensitive user data). It also supports people's right to be forgotten under GDPR, if you run it with the few IDs or email addresses that have made official requests.
WordPress GDPR plugins
GDPRplugin with WordPress, and WooCommerce, MailChimp, Gravity Forms hooks. This plugin provides your site with a privacy dashboard offering self-service tools to submit erasure requests and subject access requests, and to give and withdraw consent. It also shows a cookie popup, as well as updating the recorded data in the database.
WP GDPR COMPLIANCE PLUGIN Helps you get GDPR compliant quickly by adding opt-in options to forms. Allows visitors to request their personal data.
WP Security Audit Log Keeps a log of activity on the website so it can be audited and monitored for security issues. Remember that these may come from hacked accounts, compromised staff, or even the unintended side effects of a change.
Wordfence Firewall to help with hacking attempts. (You should have a server or network firewall too, if you can.)
WP Security Audit Log Logging for all actions on user data. This is good for accountability when reviewing and monitoring breaches inside the application.
UPDATE: On May 17th, WordPress released an update that added privacy to comments, privacy policy links on forms, a data export screen and data erasure. WordPress 4.9.6 Privacy and Maintenance Release
Joomla GDPR Plugins
Data2.EU The data2.eu GDPR Tool for Joomla makes it easier to create a Processing Index. Walks through creating an index with suggestions.
GDPR from stoe jExtensions A fairly complete suite of tools in a paid component. Blocking, logging, exporting: there is plenty to learn from, including the demo.
Michael Richey has a range of small Joomla plugins Some good Joomla guides and small changes here, for required fields and Google Analytics.
JA Joomla GDPR Extension This offers admin and integration across many other extensions, like JomSocial, EasyBlog and Kunena, to allow managing and tracking user details for update or deletion.
Other mentions
gdprform This is a service that gives you a quick data capture form to collect and process requests from people, without the need to develop it yourself. Could you do it yourself with a form? Yes, but to start quickly this works.
UPDATE: last updated 3rd May 2021.