There was a problem loading the comments.

What are the most important GDPR security settings?

Support Portal  »  Knowledgebase (FAQ)  »  Viewing Article

Editions: all
Versions: 4.0+

Basically you should always use VIMP in the most current version, as the exact requirements for software products with regard to the GDPR will certainly change again and again over the course of time via precedents. With the latest version we will continuously implement the necessary measures with regard to Privacy by Default and Privacy by Design.

The requirements for data security differ depending on the operation purpose of VIMP. Please contact your legal department or data protection officer for more information.

In the following we list functions that are available in VIMP for the protection of data privacy:

  • Strong password encryption using SHA2
  • Password renewal can be forced after a defined period of time
  • Password security requirements are configurable (minimum length, maximum length, minimum number of upper/lower case letters, special characters, numbers)
  • User blocking after a defined number of incorrect logins
  • Cookie consent is enabled by default
  • Newsletter double-opt-in at registration
  • Two-level delete function for users and media
  • IP anonymization
  • SSL support (VIMP can be operated completely SSL encrypted)
  • YouTube and Vimeo embeds in privacy mode
  • Encrypted e-mail delivery via SSL or TLS (can be set in the configuration)
  • User data export
  • Media export

Age verification:
If it is necessary for the purpose of your platform to integrate an age query, you can add this to the registration using a hidden custom user field.

Declarations of consent:
The same applies to obtaining consent in the registration process. This can also be added via a hidden custom user field. Hidden field means that the field appears in the forms (registration, edit user), but is not visible to others in the user profile.

User deletion:
A user deletion removes all user data from the platform. In the first step, the user is only set to the "deleted" status and can be restored by the administrator at any time. In the second step, the user is permanently deleted from the system. This means all his data is physically removed from the hard disk and from the database.

IP anonymization:
VIMP automatically anonymizes all IP addresses that are stored in the database. If this is not necessary for your application, you can deactivate the function in the configuration.
IP anonymization for Google Analytics can be set separately under the Google Analytics configuration item.

Google Analytics:
Be sure to activate IP anonymization under Configuration -> Google Analytics. Furthermore, from version 4.0.2 VIMP contains the required opt-out code as required for the GDPR by default.

Share via

Related Articles