A question I have been asked a few times, is around plugins for GDPR.
As Joomla/Laravel/WordPress specialists, it would be great if you could provide a list of recommended plugins to help manage GDPR compliance?
Opt in to compliance
First to cover the ground work, that No plugin makes you GDPR compliant on its own. Compliance is a process and covers a few areas and the way you handle customers personal data company wide.
That said, some plugins do do a good job to tick some of the tasks off the list to being compliant. It is a changing and new space though, so keep up to date and watch for updates.
Wordpress GDPR plugins
GDPRplugin with Wordpress, and WooCommerce, MailChimp, Gravity From hooks. This plugin provides your site with a privacy dashboard that provides self-service tools to submit erasure requests, subject access request and give and withdraw consent. Also shows cookie popup, as well and updating the recorded data in the database.
WP GDPR COMPLIANCE PLUGIN GDPR compliant quickly, adds options to forms to opt-in. Allows visitor to request their personal data.
WP Security Audit Log Offers to track a log of activity on the website so it can be auditing and monitored for security issues. Remembering these may be by hacked accounts or compromised staff or even unindented change side affects.
Wordfence firewall to help with hacking attempts. (should have a server or network firewall too if you can.)
WP Security Audit Log logging for all actions on user data. This is good to be accountable for reviewing and monitoring breaches inside the application.
Cookie GDPR plugins
CookieBot Crawls website at regular interval to keep list of cookies updated for you. They are categorised and you can control which are pre ticked for the popup, where all are listed. As CookieBot scans your website a regular intervals, you may find you have added more than 100 pages and need to start paying level, so watch for email, if you have a smaller site.
Cookie Control by Civic Has a nice big clear message popup, that comes with a little triangle tag on the corner of each page. All JS and docs are clear for adding and removing different cookies. You do need to specify each one unlike say CookieBot.
Joomla GDPR Plugins
Data2.EU The data2.eu GDPR Tool for Joomla makes it easier to create a Processing Index. Walks through creating an index with suggestions.
Michael Richey has a range small Joomla plugins Some good Joomla guides and small changes here, for required fields and Google Analytics.
JA Joomla GDPR Extension This offers admin and intergration accross many other extensions, like JomSocial, EasyBlog and Kunena too allow managing and tracking user details for updae or deletion.
Laravel GDPR Plugins
We have not see anyone offering off the shelf plugins here yet to cover the same range that the CMS ones do. We do this sort of work custom for our clients, due to the nature of Laravel applications not being all the same structure a CMS someone is installing.
Talking to Andrew of gdprplug.in suggested to me than some of the code backing his Wordpress plugin is built in Laravel so maybe if there is enough common approach in the future we will see one extend to offer features.
Laravel GDPR export user data Some traits to add to the model object so it is easier to set up export of data for Right to Portability.
Fork of laravel-gdpr adds data anonymisation This adds more to trigger anonymisation of set fields either after a time period or trigger. As it is a fork of laravel-gdpr you would need to not use it together and check the overlap.
Add to Monolog so hashes email and IP Under GDPR storage of IP and private data should be tracked and limited in logs too. These processors will replace data with their SHA-1 equivalent, allowing you still to search logs.
Middleware to block EU IPs Laravel middleware that blocks EU-based IP ranges, so it is a rather drastic solution, but if you are outside the EU and need time to update an older app you might need.
gdprform This is a service that will give you a quick data capture form to collect and process requests from people, without the need to develop it yourself. Could you do it yourself with a form, yes, but to start quickly this works.
UPDATE: last updated August 1st.
Do you have a GDPR process that you still have questions about?
We can advise you on roadmap steps to production with done for you GDPR website upgrade.
Photo Credit: Photo by Mike Wilson on Unsplash