The following practices will provide a higher level of data privacy support, and are recommended as part of a reasonable attempt to fulfil GDPR requirements.
Use SSL/HTTPS for all web traffic. OJS and OMP can be used in conjunction with an SSL certificate so that all traffic between the user and the server is encrypted and transferred via HTTPS. In order to enable this, install an SSL certificate for your domain (or ask your service provider to do so) and set “force_ssl” to “on” in your config.inc.php file.
Restrict usage of other third party scripts. Third-party scripts, such as Google Analytics, should only be used if the application is required and the implications are understood. The use of these scripts should be properly identified in the Privacy Statement.
Anonymize usage data. OJS and OMP both have a Usage Statistic plugin that provides detailed metrics on page views and galley file downloads. It also creates and stores log files containing detailed information including IP address, date/time visited, page views, and browser information. This plugin does have a “Respect data privacy” option that will hash IP addresses, and inform visitors that this data is being tracked (with an option to opt-out). More information is available in the following locations:
Enabling the “Respect data privacy” option will require direct system administrator assistance.
Use the Sharrif Plugin for sharing/social media. Social media platforms like Twitter and Facebook all provide ways to embed sharing options and other social features into your sites, but similar to CDNs and other third party script options, these embeddable scripts typically allow the social media platform to track usage of your website. OJS-de, the German OJS user network, has developed a plugin to provide social media and sharing functions using the privacy-respecting Sharrif solution. It is available here, for OJS 2 and 3, and OMP 3: https://github.com/ojsde/shariff/releases.