Automating WordPress GDPR Export and Delete Requests

Being able to accept and process WordPress GDPR requests from users to provide or delete personal data is a core requirement of the new regulations. WordPress released an update recently that introduces two new features under Tools in the dashboard:

  • Export Personal Data
  • Erase Personal Data

These both offer a way to input an email address and have WordPress export or erase all WordPress data associated with that address.

Problem is, there’s no good way for users to get the request to you. If you’re struggling to find a good system for allowing users to take advantage of these new WordPress GDPR features, we have good news.

There is an easy way to virtually automate GDPR export and delete requests using your WordPress forms!

This new WordPress feature allows you to pull all personal data associated with an email address

Under Tools in the dashboard, you’ll now see two new options: Export Personal Data & Erase Personal Data. The two screens are virtually identical:

Simply input a username or email address into the field there, and WordPress will find all all personal data associated with it for you.

This is fantastic, but there’s no good way to allow data subjects to actually make these requests. As-is, the process would look a little something like this:

  1. User finds a way to reach out to you with the request
  2. You manually input the email address
  3. WordPress sends a confirmation email to that address (Requester status set to Pending)
  4. User confirms the email address (Requester status set to Verified)
  5. You check in and grant the request for the verified email address

This process requires your time and attention from start to finish. Keep reading below for a much simpler solution! 🙂

You can automate the new WordPress GDPR request feature using your WordPress forms!

The most recent Ninja Forms update provides a front-end form (and a new action) to field these requests. The form (or action) allows users to make the request directly. To properly associate users with their submitted form data, we’ve also upgraded the Store Submission action.

Together, these two upgrades mean your time and attention are only required at the very end of the above process. All you’ll have to do is periodically check the admin for new verified requests!

Associate every form submission with a user email address using this new feature

To help you organize user data for automated compliance with export and erase requests, we’ve upgraded the Store Submission action. Check it out under your Emails & Actions tab.

You’ll now find a setting within this action that will link the submitter’s email address to the form submission when using the new export/delete data request forms introduced in the next section.

Just map the email field of the form to the Designated Submitter’s Email Address. You have the option to map it to other fields if necessary, but we recommend associating by email. With this done, the feature described below will fully automate export and erase requests!

New Export/Delete Data Request forms and actions

The newest update to Ninja Forms (3.3) introduces 2 stock WordPress forms and actions:

  • Delete Data Request
  • Export Data Request

The forms can be found under Ninja Forms > Add New:

And the actions can be found under the Emails & Actions tab of any form:

When a user submits one of these forms, or a form containing one of these actions, Ninja Forms communicates that request to the new WordPress Export/Erase feature. The Requester email address is submitted for you and a confirmation email is sent.

All that’s left for you to do is periodically check into the admin to scout for new, verified requests. Granting them for a registered user is as simple as clicking the Download or Delete button on the admin page.

Use these new features to take the headache out of keeping up with GDPR requests

There’s no reason these WordPress GDPR requests should take up any more of your time than they have to. Taking advantage of the above features will minimize the time you have to spend. Simply check in periodically for verified requests, and that’s that!

For more information on WordPress forms and WordPress GDPR compliance, hop over here. We also have an article outlining the above features + features that will be coming soon. Finally, if you’re interested, we’ve shared our own thoughts on the GDPR from a more philosophical angle too.

Check the comments below! What questions do you have about the GDPR?