So far this year, data has been big news if you’ve followed the events of the Facebook and Cambridge Analytica story. On 25 May 2018 the General Data Protection Regulation (GDPR) will become enforceable, a regulation that was created on 14 April 2016. You may have already received emails from mailing lists asking for your permission to keep sending to you and this is a result of GDPR becoming enforceable.
Part of GDPR that you may be less aware of though is the right of access (Article 15) which means that people are able to request all of the data that a company holds on them. So if you receive a phone call or an email from somebody asking to see their data, what do you do? First of all, most websites now run on a CMS (Content Management System) so this data could be stored in a number of places within the websites database, meaning that this data usually can’t be retrieved easily. Also you need to make sure that you include all of the data and don’t miss any of it, otherwise this could be seen as hiding it from the requester.
So what kind of data is needed?
The data that needs to be provided to the requester is anything that is personally identifiable. This includes but is not exclusive to data points such as:
- IP Address
Also any data attached to these data points should in our opinion be included, this is because we are effectively saying that the person requesting their data, is the owner of that data. We are just holding and processing it for them. Therefore if they wished to amend their data, or delete it entirely, GDPR empowers them to be able to request this.
How do we collect all of this data into a single report then? Well we've been working on a solution that we have built within Craft CMS. This means that any website running on Craft will be able to use our solution, provided the plugin has been installed.
We started out by creating a new area of the CMS which only site admins can access where an email address can be submitted. Next a database query runs which searches for member profiles, commerce orders, form submissions and authored entries attached to that email address.
When all of this data is returned we display this within the CMS and present options so that it can be either downloaded as a PDF or sent in PDF format directly to that person's email address. This allows a data report to be generated by a site admin user for any email address.
The page displaying the returned data can then be used by the site admin to check the data before sending it to the requester. This means that if it is empty and no data has been returned, there is no point in sending an empty PDF so a more simplified response can be supplied to the requester at the site admins discretion.
Currently this data report can only be generated by a site admin through the CMS when they are logged in. However this code could easily be adapted to add a front end form to the website where site visitors can enter their email address and download a full copy of their data themselves without having to contact the owners of the website. This however then raises a few concerns for us.
We want to make it easy to access data for the person who owns it, but what we don’t want to do is allow anyone to download data if it doesn’t relate to themselves. We can’t really put this form within an account section of the site because data collected via guest checkouts and form submissions doesn’t require the user to be logged in at that point in time. This would be a barrier where people would assume you need to then sign up to download a data report which is entirely against the spirit of empowering the site visitor.
What we could do however, is have a public form where the data isn’t downloadable but instead it is sent directly to the submitted email address. To reduce the possibility of spamming someone we would need to introduce some checks but for now we have left this as an admin only tool which can be used if anyone phones and asks for their data, or submits an entry via the contact form.
The whole spirit of GDPR and its related emails we have all been receiving is to empower people to have more control and visibility of their data. The rules put in place mean that you shouldn’t be getting added to mailing lists without your permission, you should be able to see what data a company holds on you, and you should be able to instruct that company to remove the data if desired.
In creating this solution we’re only focussing on one element of this legislation instead of trying to solve all of it in one go. We hope that it helps you improve your own understanding of GDPR and find your own solutions to some of the questions it has raised around how data is treated.
If you’re a developer or an agency reading this and you’re interested in what we’ve created then you can find it on GitHub (Craft 2 Version) for use in your own projects.
Currently the GDPR Data Report plugin we have created is only available for Craft 2 but we will also be creating a Craft 3 version soon.