Data443 Cyber Security, Blockchain, GDPR, Data Classification, Identity Governance

New Release is now available of The WordPress GDPR Framework

by Jason Remillard

Today we released an upgrade to our most recent product capability – The WordPress GDPR Framework.  While in past lives I have done much in the WordPress plugin arena – for Data443 this is a run of many firsts.. Setting up the infrastructure, clearing out a backlog of bugs and enhancements, staging our next few sprints for the dev plan and working out the product plan of record.  Additionally, much work is done behind the scenes – from a simple thing like updating the headline graphic to being able to push updates via SVN.

Outside of the geek speak – why did we do this, and what is the plan?  As we know – WordPress is a significant content platform management platform.  Fully 100% of our new prospects and customers I have spoken to since we announced have WordPress – as I expected.  Now, of course the public marketing site is usually run by a different group, etc.  But as I was indicating to a customer prospect earlier today – I sort of have a soft spot in my heart for SMB organizations…. Usually they are overwhelmed, underfunded and could use some help.. GDPR, FOI or other ‘deep’ capability requirements are very difficult to fulfil and manage.  So, WordPress is a great way to very quickly organize some capabilities for these organizations – and like I said, very close to 100% reach!

So, in this case, what does it do?

The WP GDPR Framework is a simple to deploy WordPress standards-based plugin that enables an administrator or site owner – within a few clicks – enable a cookie and privacy policy that is tailored to their needs.  More than just a ‘click here for this’ capability – the plugin enables something very special – the ‘iceberg’ request – a Data Subject Access Request (DSAR).  The DSAR is a mandated capability that organizations much offer to (any) person with potential Privacy Information requests the ability to request (for free in most cases) where and for what purposes is their personal information being used within that company.

In the simplest example – if you were an ecommerce company selling widgets online – a person must be able to request directly from you, and within 30 days get a response about how you are using their information.  In this example, the response may contain the following details:

Dear Sir/Madam;

We have reviewed our data storage and have identified 3 locations where your information is resident.

Previous Orders: May 4, 2018 – your address and contact information

‘New Product Mailing List’ – your email address and how many times you viewed our notices.

You have the option to remove or update any of this information indicated above.

In this simpler example, our plugin will automate this process (from receiving the request to consolidating the search results and then delivering them to the requestor).  Depending on the action, our plugin will update/remediate based on the request response.  It’s a simple functionality, but desparately needed and removes/mitigates significant work efforts if an organization has potentially 1000’s of requests and/or much data to manage.  Quickly this becomes overwhelming, costly to manage – and then potentially material when considering fines and reputation damage.

So, today we have capability for the majority of WordPress requirements on the public facing side.  Going forward we expect to extend this into the ClassiDocs land – allowing the administrator to ‘hook into’ their on premise and cloud repositories to facilitate DSARs..  While it would be unreasonable to expect every single WordPress installation to utilize ClassiDocs to extend to the enterprise – today we are the only ones to provide this capability  😊