Disclaimer: Please note that this content is provided for informational purposes only and should not be relied upon as legal advice or to determine how GDPR might apply to you and your organisation. We encourage you to work with a legally qualified professional to discuss GDPR and how it applies specifically to your organisation.

From May 25, 2018, the European Union is introducing new regulation called General Data Protection Regulation (GDPR) that affects the way personal data is collected and processed. You can get all the details about GDPR here.

In short it makes the process of personal data collection and processing more transparent to the individual. If data is being collected and stored, the individual providing the information needs to be aware of it and give permission before any action is taken. Generally, GDPR requires site owners to adhere to a set of rules, when it comes to how personal data is handled and stored.

GDPR and Users Insights

First of all, since Users Insights shows user data from many different sources, including WordPress core and other plugins, it is important to understand where this data comes from and how Users Insights handles this data.

There are three types of data that Users Insights reports:

  • WordPress core data, such as name and email
  • Supported plugins data, such as WooCommerce orders or BuddyPress profile data
  • Users Insights data, such as geolocation and last seen

Now let’s take a look at how each of these types of data are handled by Users Insights.

WordPress core data

Users Insights directly reads the available WordPress core data from the database. It does not make any copies of this data in other tables and it does not send this data to any external services. This means that the WordPress core is responsible for providing GDPR compliance tools to handle the personal data that it stores by default.

Supported plugins data

Similarly, for 3rd party plugins, Users Insights directly reads the data that is stored in the WordPress database. Users Insights does not store any copies of the data in other database tables and it does not send this data to any external services. Therefore, GDPR compliance of the 3rd party plugins user data is a responsibility of each of the plugins respectively.

This is probably one of the main advantages of using Users Insights. Unlike other solutions, that send copies of the plugin data to their own servers, Users Insights only reads the existing data directly from the WordPress Database. Nothing more.

Users Insights data

Users Insights can also optionally store some user related data, depending on which modules are active and which features you are using:

  • Geolocation data – IP based geolocation, which stores the following data: country, city, region, coordinates (used in the maps) and hashed IP address (used to check for IP address changes). When Geolocation is active, the plugin will send a request to the usersinsights.com Geolocation services, containing the IP address of the user, in order to detect the user location.
  • Device data – browser name, browser version and platform
  • Activity data – last seen date and sessions
  • Page views data
  • User groups
  • Custom fields
  • Notes

All of these elements are optional and it’s up to you to decide whether to make use of them or not.

It is important to mention that not every element is considered personal information or personally identifiable information.

In many cases, that would depend on your specific use-case. For example, if you are using using user groups, such as “lead” or “beta tester”, it’s most likely that this data is not considered personal information. However, if you are using custom fields to store the user’s age or phone number, this is personal information that should be handled according to the GDPR rules.

We recommend consulting with a lawyer to assess what kind of data each element stores on your site and whether this data will be considered as personal information.

Users Insights 3.6.3 ships with GDPR tools to handle the Users Insights data. In order for these tools to be available on your installation, you need to have WordPress 4.9.6 or newer installed, which supports the WordPress core privacy tools. In the following sections, we are going to describe each of these tools in detail.

Personal data exporter

WordPress 4.9.6 comes with a Personal Data Exporter tool, that allows exporting all the available personal data of a selected user. You can configure Users Insights to add its data to the export file from the Users Insights -> Module Options -> Privacy section. By default the geolocation, device info and activity data will be included (when existent). However, you can change these settings based on your specific use of these elements:

Users Insights personal data export settings

The following screenshots illustrates an example of the Users Insights data from the generated export file. As you can see, we have selected to export the data from all the user detection modules (geolocation/activity/device info), as well as user groups, custom fields and notes.

GDPR export

The export file only includes the data that is stored for this user and that is selected to be exported in settings. Therefore, if for example, there is only device stored for the selected user, only this information will be included in the export file:

GDPR export - selected fields only

You might have noticed that there is an option to export the “Hashed IP address” of the user, so let’s see what this means. When you have the Geolocation module active, Users Insights stores the user IP address in a hashed format, so that it can only make a geolocation request when the user IP address changes. The hashed IP address is non-readable and looks like this:

f528764d624db129b32c21fbca0cb8d6

that’s why it is by default excluded from the export file, however you could include it if you wish to.

Personal data eraser

Another privacy tool that ships with WordPress 4.9.6 is the Personal Data Eraser. As its name implies, it allows removing the personal data of a selected user. This is different from user deletion, since the user will still exist in the database after the erasure request is completed. The goal of the erasure is to remove any existing personal data associated with the selected user.

Users Insights allows you to select which Users Insights data to be deleted upon a Personal Data Erase request. By default, the geolocation, device info and activity data will be removed (when they exist), however you can configure this in the Users Insights -> Module Options -> Privacy section.

Users Insights personal data erase settings

Once the erasure is completed, you should see the details for all the items that have been removed or retained based on your settings:

GDPR - erase personal data

It’s important to mention that, at the point of writing, custom fields with type “Date” are not removed. This is because date fields are read-only in Users Insights, which means that they are not populated from the Users Insights interface, but from another code, such as a 3rd party plugin. Therefore, the code that populates these fields is responsible of handling the erasure of this data.

Privacy policy page suggestions

WordPress 4.9.6 also provides the tools to setup a privacy policy page which by default includes some suggested texts based on how WordPress handles privacy. WordPress also allows plugins to add their own suggested privacy texts and Users Insights includes its own section with some suggestions.

In this section, Users Insights suggests including the detection and storing of user data, when any of the Geolocation, Device Detection, Page Visit Tracking or Activity modules is active. You also need to state the reason for detecting this data. Users Insights cannot suggest the reason for you, since every site has a different reason for collecting this data. If you do not have a good reason for using Geolocation, Activity and Device detection, we recommend keeping the corresponding modules inactive.

It’s also important to mention that it is highly recommended that you consult with a lawyer when creating your privacy policy page.

User detection filters

Geolocation, Activity and Device detection modules

If you are using any of the Geolocation, Activity and Device detection modules and you need to disable the data detection of these modules on per user basis, you can use the usin_detect_user filter. For example, if you have implemented a functionality on your site, that stores the date when each user has given consent according to your privacy policy page, you might want that Geolocation, Activity and Device detection work only for the users who have given this consent. If, for example, your site stores the consent confirmation as user meta, you can use the usin_detect_user filter to disallow user detection for all the users who do not have any data stored in this field. Please note that this filter does not apply to the Page Visit Tracking functionality – for that you need to use the usin_should_track_visit  filter that we have described below.

The  usin_detect_user filter filter accepts two parameters:
  • $should_detect  – boolean stating whether any data should be detected for this user. By default it’s true when any of the Geolocation, Activity or Device detection modules is active and false otherwise
  • $user_id  – the ID of the current user

The following example illustrates deactivating user detection for users who do not have any value with key “consent_given” stored as user meta.

Important: We recommend adding the filter code to a plugin, instead of your child theme. That’s because this filter runs on the WordPress “wp_login” and “set_current_user” hooks, which in some cases, such as in the admin dashboard are executed before loading the theme files and in cases like this, your code will not be executed. Since plugin files are loaded before theme files, adding the code to a plugin, would ensure that it is executed.

Page Visit Tracking module

If you are using the Page Visit Tracking module, you can use the usin_should_track_visit  filter to control the recording of the visit. The filter passes the following parameters:

  • $should_track  – boolean stating whether any data should be detected for this user. The value of this parameter is determined based on your Page Visit Tracking module settings.
  • $user_id  – the ID of the current user
  • $post_id  – the ID of the current post

Similarly to the previous example, you can deactivate page visit tracking for users who do not have a user meta key with “consent_given”: