Two Plugins that will make your wordpress website GDPR Compliant pretty fast

If you use wordpress as your CMS (content management system) and you have got a contact form, signup form (say for newsletter) and/or a comment panel (where users can leave comment on your website) then under GDPR, you need to make sure that:

#1 Your website users can request access to their personal data (name, email address, comments or any other data submitted to your website).

#2 Your website users can download and view their personal data (as per Article 15 of GDPR).

#3 Your website users can request for their personal data to be removed (as per Article 18 of GDPR).

Now in order to create such functionality on your wordpress website, you have got two options:

#1 Hire a wordpress developer to create, test and maintain such functionality for you.

#2 Use a readymade wordpress plugin.

I prefer the latter.

If you navigate to the ‘contact us’ page of my website, you will see a new option named ‘Request Personal Data’:

Once you click on this option, you will be asked to enter your email address:

Once you submit your email address, you will automatically get an email notification which contains a link to download and view your personal data:

Following is the content of this email:

When a user click on the ‘Check Your Personal Data’ button, he lands on a page through which he can download all of the personal data he submitted on my website.

This include blog post comments and any or all form fields (submitted via contact form):

As you can see from the screenshot, the user also has the option to send delete request for blog post comments and/or form entries.

When a user request to view his personal data, I as DPO (data protection officer) for OptimizeSmart, get an email notification for request to view personal data:

Following is the content of this email:

When i click on the ‘check list of requests’ button, i can see the list of all data requests made by the users in my wordpress admin panel:

This functionality is really handy for a high traffic website like mine, as i get tens of thousands of people visiting my website every single day and i can’t manually manage or maintain records of data request and/or delete requests (though I haven’t got any such request so far, but just in case).

If i need to check the list of delete requests, i can click on the ‘Delete Requests’ tab:

Here i get the option to delete personal data or make personal data anonymous:

I also get an email notification, every time a website user send a delete request:

Following is the content of this email:

If i click on the ‘check all requests’ button, i will be redirected to the page (within wordpress admin panel) which list all of the delete requests.

The wordpress plugin that I use to generate this functionality is

This plugin is free to use.

But the add-ons they provide to make your contact forms GDPR complaint, require an annual subscription.

I use the Gravity form plugin to host my contact form.

So I use their ‘Gravity form add-on’ plugin.

It cost around 20 euros a year (around US $24/year)

Through free version, you can handle all the view and delete requests for the blog posts comments submitted on your website.

But in order to handle all the view and delete requests for the personal data submitted via your contact form (where most of the personal data is collected), you would need to purchase, your contact form relevant add-on from ‘WP-GDPR’.

‘WP-GDPR’ has got add ons for: Gravity forms, contact form 7 DB, Woocommerce, Flamingo and MailChimp.

Accept or decline Cookie Tracking

The second plugin that can make your wordpress website GDPR compliant pretty fast is: Surbma – GDPR Proof Cookies

This plugin helps your website to comply with GDPR cookie regulations by asking every visitors to accept or decline cookie tracking.

If visitor choose to decline, than no visitor data will be sent to third party services.

If visitor accepts tracking, than data will be sent to third parties.

So visitors can choose to be tracked or not, before they visit any page of the website.

The cookie saved by this plugin is not storing any sensitive personal data, it is storing only two fix values: “yes” or “no”.

This cookie management is GDPR proof, as it is impossible to identify any user with the cookie data. Cookies will expire in 30 days by default.


The free version of this plugin is available, but it has got very limited features.

You would be better off using the paid versions (around $15 a year) where you can carry out full customization (like add link to your privacy policy page, GA Tracking Code Customization), full cookie control and GA IP anonymization.

The plugin author promise to provide support for Facebook pixel, Google Remarketing, Hotjar etc in the near future.

By the way, i am not paid in any shape or form to promote these two plugins.

I just found them useful and that’s why sharing them with you.

Related Articles:

Most Popular E-Books from OptimizeSmart

Learn to read e-commerce reports book banner

How to learn and master Web Analytics and Google Analytics?

Take the Course

Check out my best selling books on Web Analytics and Conversion Optimization on Amazon

How to get lot more useful information?

I share lot more useful information on Web Analytics and Google Analytics on LinkedIn then I can via any other medium. So there is really an incentive for you, to follow me there.

Himanshu Sharma

Certified web analyst and founder of

My name is Himanshu Sharma and I help businesses find and fix their Google Analytics and conversion issues. If you have any questions or comments please contact me.

  • Over twelve years' experience in SEO, PPC and web analytics
  • Google Analytics certified
  • Google AdWords certified
  • Nominated for Digital Analytics Association Award for Excellence
  • Bachelors degree in Internet Science
  • Founder of and

I am also the author of four books:

error: Alert: Content is protected !!