Comprehensive Guide to WordPress GDPR Compliance

Hey there! If you’re diving into the digital world, you’ll know how big a deal data privacy is these days. Ever heard of the General Data Protection Regulation (GDPR)? It’s this EU law thing that’s all about keeping people’s data safe. And if you’re a WordPress user, WordPress GDPR compliance is a must-know. Don’t sweat it; I’ll break it down for you, especially if you’re using Ninja Forms.

So, what’s GDPR Compliance and where does WordPress fit in?

Back in May 2018 (the 25th, to be exact), GDPR kicked in. In simple terms, it says businesses should let folks see their personal data and, if they want, delete it. That’s what they call the Right to Access and the Right to Be Forgotten. Cool, right? If GDPR still sounds like Greek to you, maybe check out an article we wrote before. It’ll clear things up.

Here’s the thing: WordPress got on the GDPR train with some new updates. Pop into ‘Tools’ in your dashboard, and you’ll spot ‘Export Personal Data’ and ‘Erase Personal Data’.

Export Personal Data. Found in WordPress > Tools > Export Personal Data

With these, you can look up data by email or username and decide to share or delete it. But heads up! This only handles data from basic WordPress stuff. Plugin data, say from form submissions, is another story unless the plugin peeps have added that feature.

Ninja Forms jumped in with a solution. We rolled out these templates called ‘Delete Data Request’ and ‘Export Data Request’. Connect them with WordPress, and voilà!

GDPR Delete and Export form templates

If someone asks for their data, you’ll see it pop up in ‘Tools’. A click and you’re done! Plus, Ninja Forms lets you label data fields. So when someone asks to delete their data, you can just make it anonymous and keep the rest untouched.

Ninja Forms WordPress GDPR Compliance features

  1. Automate GDPR data management with Store Submission
  2. Customize as needed: easily add Export/Delete options to any WordPress form
  3. Easily mark fields as personal data
  4. Customize your data collection with selective field saving
  5. Set submission data to expire on a timer

1. Automate GDPR data management with Store Submission.

We’ve revamped the Record Submission action for easier user data management and automated compliance. Now, both registered and non-registered WordPress users can auto-process Export and Delete Data requests. Find this in your Emails & Actions tab!

Simply link the submitter’s email with the form submission using the new request forms.

GDPR Compliance - Delete Data Request action

2. Customize as needed: easily add Export/Delete options to any WordPress form.

Simply map the form’s email field to the Designated Submitter’s Email Address. While you can link it to other fields, we advise using email for seamless export and erase requests.

Designated Submitter's Email Address

3. Easily mark fields as personal data.

Fields come with a toggle for designating as ‘Personally Identifiable Data’. Some default fields are pre-marked, but you can toggle any.

For Delete Data Requests, you can choose to anonymize, not delete. Only marked fields get anonymized; others stay unchanged. Activate this option in the Advanced settings of the Delete Data Request:

Anonymize data with the Delete Request action

4. Customize your data collection with selective field saving.

If a form mixes personal and non-personal data fields, and a user doesn’t consent to share personal details, you can still collect non-personal data. Now, you can individually choose which fields to save to the database.

Save the fields you want and remove the others with selective field saving

5. Set submission data to expire on a timer.

By popular demand, we’ve added an option for submission data to auto-expire. Head to the ‘Record Submission’ under ‘Emails & Actions’ to find this:

Set submissions to expire in the Advanced dropdown in the Record Submission action

Dive into ‘Advanced settings’, activate it, and submissions will auto-delete after 90 days by default. Adjust the duration as you see fit. Expired data lands in ‘Trash’ in Ninja Forms > Submissions, so remember to clear it if you want the data fully gone.

Extra tip: GDPR-ready cookie plugins for WordPress

While Ninja Forms is packed with GDPR tools, we don’t handle Cookie Notices. But don’t worry! Here are some top-notch, GDPR-friendly cookie plugins to help you display banners and policies on your WordPress site.

  1. CookieYes – The CookieYes GDPR Cookie Consent plugin will assist you in making your website GDPR (RGPD, DSGVO) compliant by adding a cookie banner to your site.
  2. Complianz – GDPR/CCPA Cookie Consent – Complianz is a GDPR/CCPA Cookie Consent plugin that supports GDPR, ePrivacy, DSGVO, TTDSG, LGPD, POPIA, APA, RGPD, CCPA/CPRA and PIPEDA with a conditional Cookie Notice and customized Cookie Policy based on the results of the built-in Cookie Scan.
  3. Cookie Notice & Compliance for GDPR / CCPA

To wrap it up

Nailing the whole GDPR thing with WordPress? It’s a breeze if you’ve got Ninja Forms by your side. True, you’ll need to step in for some stuff, but these tools make it loads easier. Want to learn more about GDPR compliance? Check out our documentation here.