Only a few weeks from now, on May 25, 2018, the new General Data Protection Regulation will come into force. In this post, we'd like to show you what we've changed on our blog so far. This post will be updated regularly.
Disclaimer
This article does not constitute legal advice. We have studied the subject matter extensively, but errors cannot be ruled out. We are not data protection experts or lawyers. We cannot guarantee its accuracy, completeness, or timeliness. We assume no liability.
Comment function
By default, WordPress stores the IP address, name, email address, and optionally a website when a comment is left under a post. This is considered personal data according to the GDPR. The email address and name are treated as general personal data. The IP address falls under the heading "Online Data."
Since we no longer need the IP address, we have decided to stop saving it. Normally, the IP address is saved so that it is available if, for example, racist statements are made in a comment. Before comments appear on this site, they must be approved by an administrator. Saving an IP address is therefore unnecessary.
Inserting this code into the file functions.php stops WordPress from saving the IP address:
// Replace the commenter's IP address with a fixed placeholder before the comment is stored.
function wpb_remove_commentsip( $comment_author_ip ) {
    return 'IP will not be saved.';
}
add_filter( 'pre_comment_user_ip', 'wpb_remove_commentsip' );
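The filter above only applies to comments submitted after it is installed; addresses already stored with older comments stay in the database. The following added example (not part of the original post) overwrites them, assuming the standard WordPress comments table with its comment_author_IP column; the constant, function name and option name are hypothetical.

```php
<?php
// Added example, not from the original post. It belongs in functions.php next to
// the pre_comment_user_ip filter. All medtech_* / MEDTECH_* names are hypothetical.

const MEDTECH_IP_PLACEHOLDER = 'IP will not be saved.'; // same string the filter returns

/**
 * Overwrite comment_author_IP on comments stored before the filter existed.
 * Works in batches so a large comments table is not locked for long.
 *
 * @return int|false Number of rows rewritten, or false on a database error.
 */
function medtech_scrub_stored_comment_ips( $batch_size = 500 ) {
    global $wpdb;
    $total = 0;
    do {
        // UPDATE ... LIMIT is MySQL/MariaDB syntax, which WordPress runs on.
        $changed = $wpdb->query(
            $wpdb->prepare(
                "UPDATE {$wpdb->comments}
                    SET comment_author_IP = %s
                  WHERE comment_author_IP <> %s
                  LIMIT %d",
                MEDTECH_IP_PLACEHOLDER,
                MEDTECH_IP_PLACEHOLDER,
                $batch_size
            )
        );
        if ( false === $changed ) {
            return false; // stop here so the "done" flag below is not set
        }
        $total += $changed;
    } while ( $changed > 0 );
    return $total;
}

// Run once when an administrator opens the dashboard, then remember that it is done.
add_action( 'admin_init', function () {
    if ( ! current_user_can( 'manage_options' ) || get_option( 'medtech_comment_ips_scrubbed' ) ) {
        return;
    }
    if ( false !== medtech_scrub_stored_comment_ips() ) {
        update_option( 'medtech_comment_ips_scrubbed', 1, false );
    }
} );
```

Database backups taken before the scrub still contain the old addresses.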
Additionally, we've removed the "Website" field. All entries in the comment form are now voluntary. If no name or email address is entered, "Anonymous" will appear as the name. Before comments can be published, visitors must check a box. By doing so, they consent to the storage of the provided data. The result looks like this:

In WordPress, comments appear to administrators like this:

Newsletter
Anyone who wishes to subscribe to the newsletter must now consent to data storage by checking the box. For our newsletter, only the email address will be stored until the user unsubscribes. The user will also be informed how to unsubscribe from the newsletter. The sign-up button also makes clear that the service is free of charge. Data will never be shared with third parties on Medtech-Ingenieur!

SSL encryption
Medtech-Ingenieur now has SSL encryption. This will be mandatory under the GDPR. All data transmitted via our contact forms, for example, is now encrypted. This can be identified by the "https://..." prefix in the address bar or by the browser's "Secure" indicator.

Contact / application form
We've also added a checkbox to our contact and application forms. Users are informed about which data will be transferred to and stored on our mail servers. Messages can, of course, only be sent after genuine consent has been given. All data is deleted once contact has been made with the user. Thanks to the aforementioned SSL encryption, all data is transmitted securely.

Cookie Bar
Our website uses cookies for spam protection and primarily for administrator purposes (e.g., to stay logged in). A cookie bar at the bottom of the screen informs our users about the use of cookies and the purposes for which they are used. Two links in the privacy policy provide detailed information about what cookies are and what they are used for. Clicking the "Accept" button will remove the cookie bar.

Gravatar
A Gravatar is an avatar that appears next to written comments. For each email address, either a unique Gravatar is created or a personalized avatar is obtained from the Gravatar homepage. The user's email address is therefore sent to a third-party server for data synchronization. While Gravatars look nice, they don't offer any other special features. Therefore, the Gravatar has been replaced with a static avatar.

Google Analytics
Previously, we used Google Analytics to compile statistics about our website. The data was stored by Google. While it is possible to continue using Google Analytics by entering into a data processing agreement, we prefer to store the data on our server. This way, we know exactly what data is stored and how and when it is deleted. The new plugin we are using is "WP Statistics." This plugin stores visitors' IP addresses in encrypted form, and these cannot be decrypted. Geodata analysis is completely disabled. All data is stored 100% in the WordPress database and is automatically deleted after 365 days. The plugin is very clear and displays all data in attractive charts.
Social media buttons
The old share buttons have been replaced by the privacy-friendly social media buttons “Shariff” from c't (more information). Unlike before, social media websites only collect user data when the user clicks the button. The source code for the buttons is freely available as open source on Git.


