Personal data that Business Directory plugin collects
Chamber Dashboard plugins connect to the WordPress erase personal data tool. This makes it much simpler for site admins to comply with a ‘right to be forgotten’ request from a member.
The Chamber Dashboard Business Directory plugin does collect some personal data, including:
- Phone number
The CRM plugin may also collect personal data (name, address, email, phone number), depending on how you are using it.
Personal data collected by other Chamber Dashboard plugins
No personal data is collected by the Member Manager plugin, the Events Calendar plugin, the Member Updater plugin, CRM Importer plugin, the Exporter plugin, the Recurring Payments plugin, the WC Payments plugin, or the Payment Options plugin.
Chamber Dashboard settings required to be GDPR compliant
However, the WordPress export personal data and erase personal data tools rely on the WordPress user’s email to complete each request. Only data that is connected to the WordPress user will be exported or erased.
In order for your organization to be able to comply with a member request to erase personal data from Business Directory, ALL of the following must be true:
- Business Directory is activated on your site,
- CRM is activated,
- Member Manager is activated, AND
- The members-only feature is selected on the Member Manager settings page
When new members sign up using the Member Manager membership form, a WordPress user record will be automatically created and connected to both their Business Directory and CRM listings.
Listings imported via CSV file
Business Directory or CRM (People) listings imported to your site via CSV file will need to be manually connected to a WordPress user record in order to hook into the WordPress erase personal data tool.
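As an added example (not part of the Chamber Dashboard plugins or their documentation), this Python script builds a worklist for that manual step by comparing an import CSV against the site's WordPress user emails. The column names `business_name` and `email` and both sample inputs are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample import file. The column names "business_name" and
# "email" are assumptions, not the plugin's documented CSV layout.
SAMPLE_IMPORT_CSV = """\ufeffbusiness_name,email
Acme Bakery,Owner@Acme.example
Birch Dental, info@birch.example
Cedar Cycles,
Delta Print,sales@delta.example
"""

# Constructed sample: one address per line, e.g. the saved output of
# `wp user list --field=user_email`.
SAMPLE_WP_USER_EMAILS = """owner@acme.example
INFO@birch.example
admin@chamber.example
"""

def normalize(email):
    """Trim and lowercase so formatting differences do not hide a match."""
    return (email or "").strip().lower()

def audit_import(csv_text, wp_emails_text):
    """Bucket imported rows by whether a WordPress user has their email.

    needs_linking: a user exists; the listing must still be connected manually.
    no_wp_user:    no user has this email, so there is nothing to connect to.
    no_email:      the row carries no email address at all.
    """
    wp_emails = {normalize(e) for e in wp_emails_text.splitlines() if e.strip()}
    # Spreadsheet exports often prepend a UTF-8 byte-order mark; drop it.
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    report = {"needs_linking": [], "no_wp_user": [], "no_email": []}
    for row in reader:
        name = (row.get("business_name") or "").strip()
        email = normalize(row.get("email"))
        if not email:
            report["no_email"].append(name)
        elif email in wp_emails:
            report["needs_linking"].append(name)
        else:
            report["no_wp_user"].append(name)
    return report

if __name__ == "__main__":
    for bucket, names in audit_import(SAMPLE_IMPORT_CSV, SAMPLE_WP_USER_EMAILS).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

Rows in `no_wp_user` and `no_email` are the ones an erase request by email cannot reach until a WordPress user exists and the listing is connected to it.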
How to export personal data from Business Directory
- Log in to your WordPress dashboard as an Admin
- Go to Tools >> Export Personal Data
- Enter the email address and ‘send request’ to the user requesting the export of their personal data.
- The user will need to access their email and click on the confirmation link before they can access the export file of their personal data.
- Once the user has confirmed the request, the status of the request will be updated to ‘confirmed’. At this point, you as the site admin can send the user a link to export their data.
- The data will be sent as both a web page and a JSON file.
- These files will be automatically deleted from your site after 48 hours.
NOTE: The site admin can also download the export file from this screen to review data to be exported.
What data gets exported?
Using a fresh install of WordPress, with only Chamber Dashboard plugins installed, the Business Directory data that is connected to the user email is exported, including the following.
- Business listing data connected to member
- People record data connected to member
- Media files uploaded by member
NOTE: WordPress data is also exported. If additional plugins are installed, additional data connected to the user may be exported as well.
How to erase personal data from Business Directory
1. Log in to your WordPress dashboard as an Admin
2. Go to Tools >> Erase Personal Data
3. Enter the email address and ‘send request’ to the user requesting erasure of their personal data.
4. The user will need to access their email and click on the confirmation link before the erase personal data request can be completed.
5. Once the user has confirmed the request, the status of the request will be updated to ‘confirmed’. At this point, you as the site admin can complete the ‘Erase Personal Data’ request.
6. Once the erasure request has been completed, go to Users to delete the WordPress user record. Be sure to select the ‘delete all content’ option.
7. Once the user record has been deleted, return to both the export and erase dashboards to delete the requests.
What data gets erased?
Using a fresh install of WordPress, with only Chamber Dashboard plugins installed, the Business Directory data that is connected to the user email is erased. After completing Step 5 above, this includes the following:
- Business is switched to draft status & marked for deletion – Use the Business Listing to find all related invoices. Manually delete the Business listing only after all connected invoices have been deleted.
- Invoices – No Change. Invoices are not automatically deleted. This gives the organization a chance to complete any accounting or reporting processes. Once accounting & reporting is complete, the site admin will need to manually delete invoices.
- People record – erased
- WordPress User – As per the WordPress process, user gets erased as a separate step. (see Step 6 above)
- Member submitted events – Event listings and media files submitted by the member will be erased when user is erased.
NOTE: WordPress data is also erased. If additional plugins are installed, additional data connected to the user may be erased as well.
How can members submit a ‘right to be forgotten’ request?
Whether or not your organization is required to comply with GDPR, it is still a good idea to document how all data on your site will be managed and secured, including creating a process for handling data access requests.
Once the data access request is received, you are on the clock to comply. Having a written process for how to handle requests from both current and former members will ensure that your staff know exactly what to do.