Instructions on how to easily comply with the General Data Protection Regulation (GDPR) as a web administrator of a site that uses the Bitcoin and Altcoin Wallets plugin for WordPress.
3.3.0 of Bitcoin and Altcoin Wallets for WordPress assists website administrators towards GDPR compliance.
Because the policy affects any handling of data that can be used to personally identify a user, this can also touch on Bitcoin and Altcoin Wallets. The plugin handles blockchain addresses and transaction IDs. This data can be used by blockchain analytics tools to personally identify a user, and can therefore be considered to be “personal data”.
In short, you have at least the following three legal obligations as a site operator:
- You must be able to give out a copy of all personal user data to any user that requests it. The process involves an authorization step, to make sure that you do not give out data to anyone else rather than the owner. WordPress assists you in that process via the new tool under Admin → Tools → Export Personal Data. Bitcoin and Altcoin Wallets hooks into this mechanism and attaches all of the deposit addresses and transaction IDs of a user into the data export.
- You must be able to erase all personal data that you hold on behalf of any user at their request. The process is similar to that of data export (see 2 above), and the functionality will be available at Admin → Tools → Erase Personal Data. Bitcoin and Altcoin Wallets hooks into this mechanism and deletes all of the deposit addresses and transaction IDs of a user when an admin performs data deletion at the request of that user. If there are any coins in the user’s balance they will be returned to the site’s wallet. Presumably the user should withdraw any remaining balance before requesting that their account is deleted.
All of this can seem like a hassle to all of us who are affected, but let’s keep in mind that privacy on the web is a good thing. People should have control over their personal data. As long as you do the above things, you should be fine as a site administrator.