RequestManager WordPress Plugin Technical Whitepaper

Introduction

The RequestManager plugin for WordPress and WooCommerce helps set up your website to comply with privacy regulations like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) that require you to send a copy of a person’s data to them when they request it.

As a website owner and data controller, you must verify, document and respond to data requests (DSARs) promptly.

The RequestManager plugin makes it easy, with a request portal you can quickly add to your site as a block or a widget. It tracks and verifies requests and streamlines the whole process with automatic data extraction from WooCommerce.


What does the RequestManager plugin for WordPress provide?

The RequestManager WordPress Plugin connects your WooCommerce portal to a data portability request portal so that your WooCommerce customer data can be auto-attached to new requests instantly.

Adding the plugin helps you become GDPR compliant by creating a free RequestManager account with access to GDPR ready features for your website.

Access RequestManager features directly from WordPress

The full RequestManager Platform offers:

  • 120 pre-made integrations
  • More privacy request options for your Request Portal
  • A template builder that helps organize data collection from different departments
  • Coordinate staff processes and delegate tasks to key employees

RequestManager Plugin integration architecture

RequestManager Plugin

RequestManager Plugin was built following the WordPress standard with the functionality to create and connect the data provider site to RequestManager. It can be installed on your site by downloading it from the Plugin Store in WordPress. Only your site admin can install it. Once it is installed, it communicates with your WooCommerce site and can be used to access customer information from the site.

Once the plugin is installed an admin can add a Request Portal as a widget or as a block on any page for site users / customers to request their data.

The Safe Online Data Adapter

The Safe Online Data Adapter serves as a mediator, communicating between the actual data provider and the plugin. The plugin sends the user data and site address to the Adapter creating a user in the Safe Online data provider.

The Safe Online Date Adapter also creates a list with the status of the all data requests from end users / customers.

The Safe Online Data Provider

The Data Adapter Communicates with the Data Provider which registers the data requested and processes requests and sends them to the end user/customer. The Data Provider processes the data and formats it against a template, then sends it to the customer who requested it.


How it works



After adding the RequestManager Plugin to your WordPress plugins, find it under Tools. Choose the Setup Customer tab.


CBW setup customer full


CBW WooCommerce settings

Provide the WooCommerce API Key and API Secret inside the Plugin.

You can generate an API key and Secret from WooCommerce>Settings page by choosing REST API from the Advanced Settings tab.



Add a Request Portal Link to your site as a widget or a block anywhere you like on your site and publish.

You are good to go. Your customers now have the option to request their data from your site.


CBW add request as a block


CBW verification 1

The Request Portal lets customers access this secure data request form. Data is protected with a one-time password to verify customer identity.


Security

RequestManager is stored on a secure Azure platform and all data is protected with 2048 bit encryption at rest and in transit.
The platform is built on the principles of privacy by design and by default to ensure you get the best security.

Data encrypted in transit

RequestManager uses encryption during transit with asymmetric certificate encryption on both the transport layer (https) and the database connection. RequestManager website portal is encrypted with TLS 1,2 (Transport Layer Security).

Data encryption at rest

RequestManager uses ‘always encrypt protocol’ for data. RequestManager provides a granular encryption of all data and centralized key management from an Azure key vault. RequestManager encryption algorithms operate on block lengths of 2048 bits. All customer data is kept in Azure private blob storage.

Encryption key

The Encryption Key is managed by Azure Key Vault and maintains the highest level of Encryption Key supported by Azure, with an RSA 2048 key size.


Scale

RequestManager Plugin is based on the data provider hosted in the Azure platform which is scalable and uses the features and functionalities of Microsoft Azure. It is flexible to increase its capacity based on resource requirements.

  • Regions for storage: Current data center is in Amsterdam, Netherlands, West Europe Region.
  • Scale Units: The application can Scale-Up on an on-demand basis when necessary.

Delivery and continuous updates

At Safe Online, we are dedicated to continuously improve the RequestManager data provider portal as well as the WooCommerce plugin based on the needs of users. We are constantly monitoring developments in regulations relevant to privacy, e.g., GDPR and related regulations in countries both inside and outside the EU to ensure the product is compatible with the latest local policies.

Changes and feature updates are deployed first in a staging environment and verified by a closed group of users and testers. Only when internal testing and the group of testers have approved changes and feature updates are these published in the production version. Customers are notified of upcoming updates.


Compatibility

CB Plugin version 1.0.0 is compatible with WordPress Version 4.6 or higher and the PHP Version 5.2.4 or higher.


Help

Watch our how-to videos for help getting started:


Documentation & Support

For more information about RequestManager, please see our resources page.


FAQ

You’ll find answers to many of your questions here.


Contact

Please contact us with any questions.

Still need help? Contact Us Contact Us