Connectid Business plugin for GDPR compliance
Connectid Business WordPress plugin is a new plugin for WooCommerce users, which helps set up webshops for compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and other privacy regulations.
New regulations give people rights to their own data. Among other things, they require ‘data portability’: that you send a copy of a person’s data to them when they request it.
This plugin automates the process of receiving and responding to data portability requests, with a request portal link you can quickly add to your site as a block or a widget in WordPress, automatic data extraction from WooCommerce, plus auto-verification and documentation of requests.
The customer’s data is delivered in a commonly used, machine-readable and structured format as required by privacy regulations.
Receive, verify, and fulfill data portability requests with the Connectid Business WordPress plugin for GDPR Compliance.
What is data portability?
The right of data portability is Article 20 of the GDPR. The concept of data portability allows users to obtain and reuse their personal data for their own purposes, or transmit the data to another service provider if they choose. It describes moving, copying, or transferring personal data easily from one company to another, in a secure way, without affecting its usability.
This lets consumers make use of different applications and switch service providers more easily. Suppose a person wants to switch from insurance company (A) to insurance company (B). Insurance company A is required to provide a copy of the person’s information in a timely manner.
Insurance company A must implement some technical process to transfer the data. They may provide a link to download the data that allows the person to share it with Insurance company B however he or she chooses. Or at the person’s request, Insurance company A can forward the data directly to Insurance company B. But how can you be sure sensitive personal data is transferred safely?
Further, as stated by the Article 29 group, the data should be delivered “in a structured, commonly used and machine-readable format”.
You can read more about the guidelines for data portability here.
Data portability reduces the lock-in effect and increases global market competition
Data portability helps prevent the lock-in effect. Briefly explained, the lock-in effect refers to the fact that a person may choose not to switch to iTunes or Spotify from another music service simply because they don’t want to ‘start over’ building their user profile. They are locked in.
Data portability is meant to make it easy for consumers to move data from one provider to another. This means that companies can no longer ‘hold on to you’ by holding onto your user profile. All user-created data must be moved to another company when you request it.
As for the actual transfer of information, some progress has been made in transferring multiple data format types. In this way, it becomes possible to use data for multiple purposes and across sectors and borders, making it easier for new businesses to compete with the bigger players in the market as users move their data from one to another through secure, unique platforms.
This allows a person to send their data quickly and freely wherever THEY choose, creating a more transparent ‘free-flow’ of data where each person is able to manage their own data.
How can online retailers meet the requirements of data portability and use it as a competitive advantage?
The GDPR does not specify how people should make data portability requests, and individuals are not required to direct their requests to a specific person or contact point. This presents a challenge for companies, since requests could come to any department, either verbally or in writing, and even on social media. As long as the person is who they say they are and your company does have their personal data, their request is valid.
Directing requesters to make their requests from your website is a smart move. And if you already use WooCommerce to automate orders, payments, shipping, etc., adding the Connectid Business plugin to WordPress is the logical next step to automate data requests in the same way. You can use it to add a Data Request Portal to your site, so that data portability requests come in the same way, every time. With stored WooCommerce data, the entire request process from request to delivery is streamlined with a full 360° automation flow.
Making data portability requests simple and easy is great for your customers, but is making data portability accessible good for your company?
Absolutely. In fact, it can give your company a competitive advantage. Studies show that consumers increasingly prefer to buy products and services from companies that prioritize the security of their data and are open about the way they use it. Placing a link to your own Request Portal on your website shows that your company is transparent and data-ethical; that you protect the rights of your users and the personal data they share with you. Trust, transparency, and data-ethics are elements that strengthen a positive perception of your company’s brand.
Offering data portability to your customers is the law in the EU and in California, but it’s also just good customer service. Most webshops offer free returns on their retail products even though returns incur some cost to the company. As consumers become increasingly aware of their rights and the value of their own data, offering easy and secure ‘returns’ of their personal data is the right choice for responsible companies. That being said, you’ll want to handle the request process in the most secure, cost-effective, and time-saving way possible.
How can I simplify the process and still be compliant?
Finding and preparing a person’s data can be time-consuming. Data requests may take 30-40 hours when handled manually. A better option is to quickly add the Connectid Business plugin to WordPress and let it extract customer data automatically from WooCommerce, making it quick, easy, and secure for you to deliver their data.
Regulations require you to respond to data portability requests promptly. They also require you to protect the data you deliver and document everything to demonstrate you’ve done so. The Connectid Business plugin makes all of the above easy. Data portability requests are tracked and all activities are logged for audit purposes. No data is accepted before a request is authenticated. Data is kept securely with 2048-bit encryption at rest and in transit, and auto-deleted 32 days after delivery. Requesters are auto-notified of all actions by email and SMS.
What does it mean to use a machine-readable, structured, and commonly used format?
‘Commonly used’ simply means the format must be widely used and well established. ‘Structured’ data is organized, e.g., HTTP, HTML, JSON. Structured data is usually also ‘machine-readable’, that is, it is in a format that can be automatically read and processed by a computer.
Machine-readable data can be made directly available to an application programming interface (API). APIs can collect data quickly from a company’s systems and deliver it to requesters in the proper format.
Therefore, choosing automated tools that use APIs is the fastest and easiest way to respond to data portability requests.
The Connectid Business plugin uses WooCommerce standard APIs that integrate with WordPress and WooCommerce to extract client-related information. After setup, you simply place the Request Portal Link on your site as a block or as a widget. When a person makes a request in the Request Portal, their customer information will be instantly extracted and automatically attached to that request in a useable format that meets the above requirements.
Depending on the information WooCommerce has stored on a certain customer, the following may be automatically added to their request:
For webshop customers who have created a profile, that data may include:
- Customer profile
- Orders and refunds
- Media downloads
- Product reviews
For webshop guests who have not created a profile, that data may include:
- Orders and refunds
- Product reviews
Media downloads are not applicable for guests, as customers must make a profile to download media with WooCommerce.
You can see that what is included in the data request automatically will depend on the customer and how much of their data WooCommerce has collected.
Creating a WooCommerce API Key and Secret and adding it to the plugin during setup enables automated data extraction when requests are made through the Request Portal.
Delivering data with the Connectid Business plugin
The customer’s WooCommerce data is added to their request instantly. To complete the delivery, simply open their request in Connectid Business from the GDPR Requests tab, add any additional files and an optional personal message, mark it as complete, and send.
Step by step:
- New requests will show up instantly in WordPress in Tools > Connectid Business > GDPR Requests.
- Click ‘view’ and log in to Connectid Business and choose that request from your dashboard.
- The requester’s WooCommerce data has already been attached automatically.
- You will have a chance to add additional data or a personal message to the customer. For example, you may have data stored in another application, or the customer may have provided additional personal information to customer service by email.
- Mark the request complete and send.
Who can use the plugin?
You must be a WordPress and WooCommerce user to activate the plugin.
If you do not have WooCommerce or do not use WordPress but still want a Request Portal for your website, then just create a free account in Connectid Business here.
Is it secure?
Connectid Business is stored on a secure Azure platform and all data is protected with 2048-bit encryption at rest and in transit. The platform is built on the principles of privacy by design and by default to ensure you get the best security.
A note about compliance
The Connectid Business WordPress plugin provides a solid solution to securely receive data requests and extract data automatically from WooCommerce, but adding the plugin to WordPress alone does not guarantee compliance with privacy regulations.
Complying with the GDPR and other privacy regulations is an ongoing process that involves your whole business. You can learn more about privacy regulations in our FAQ about data requests.
Do you want to try it? Find the Connectid Business plugin here.