The General Data Protection Regulation (GDPR) is coming into effect 25 May 2018. In this guide, you will learn some tips on how to get your site GDPR compliant if you are using When Last Login. This guide won’t cover all the steps to make your entire site GDPR compliant and will solely focus on When Last Login and GDPR.
*Please Note: We are not a law firm, these are suggestions to help you comply with GDPR and we advise seeking legal counsel if you are concerned about GDPR and your website.
What is GDPR?
“The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.” – Wikipedia explanation.
Summary of GDPR:
- Store only information that your website really needs.
- Tell user’s why you are collecting their information
- Anonymize data where possible if you have to store it.
- Better security when storing information of users.
- Clear consent for storing user’s information, including signing up for your mailing list.
- Remove data when it’s no longer needed.
- Notify user’s if your website’s data have been compromised.
- This will effect sites outside of EU that store EU citizens data.
New When Last Login Installations
If you have recently installed When Last Login for the first time, you have little work to do. Since version 1.0 of When Last Login, we anonymize IP addresses before storing them which is anonymizing information that may be considered as identifiable.
As your site grows in age, you may or may not collect user login records, anonymized IP addresses and so on. Be sure to clear this data regularly if you don’t need it.
We’ve built in tools which can be found under ‘When Last Login‘ -> ‘Settings‘ to automatically remove IP Addresses, Login Records older than 3 months or All Login Records ever recorded.
Although this information may not be considered personal information, such as what time a user logged-in, we thought it would help to have the tools available and don’t need it than need it and don’t have the tools available.
Existing When Last Login Installations
Existing user’s for When Last Login will need to make sure their data stored from When Last Login is no longer considered personal information. Rather be safe than sorry right?
If you never turned on IP tracking, you don’t have any work to do. However, to be safe simply navigate to ‘When Last Login‘ -> ‘Settings‘ and under tools select ‘Clear IP Addresses‘. This will try to clear any When Last Login stored IP addresses that you may have stored.
Well as mentioned above, we’ve got some tools to help make this possible for you. Here are the steps you may take to ensure you are not storing the user’s “real” IP Address. The IP address will be stored in two locations, unless customizations have been done:
- Inside user meta.
- Inside the login records.
Please note that this method, will make you lose some data but not all of your data. It tries to clear up data that will be considered identifiable. Navigate to ‘When Last Login‘ -> ‘Settings‘ and under ‘Tools‘ select ‘Clear IP Addresses‘. This will delete all stored When Last Login IP addresses of your users stored in the user meta.
To clear the login records, navigate to ‘When Last Login‘ -> ‘Settings‘ and under ‘Tools‘ select ‘Clear All Login Records‘. This will delete the All Login Records from your site as the IP addresses will also be stored as post meta for these records. This may effect your login statistics especially if you are using the User Statistics Add On.
Alternatively, if you just want to remove the IP addresses from your login records and not the records itself you may use the following SQL code to clean this up (be sure to have a database backup before running this script):
That’s it! Keep your user’s data safe
Just to recap what’s covered in this article, you will learn how to clear up existing data that is considered identifiable and have the new available tools to clear stored data when needed. We suggest in using WordPress 4.9.6 with When Last Login as we have integrated with the new privacy features to make it easier for you.