Two Plugins that will make your WordPress website GDPR Compliant pretty fast
If you use WordPress as your CMS (content management system) and you have got a contact form, signup form (say for a newsletter) and/or a comment panel (where users can leave a comment on your website) then under GDPR, you need to make sure that:
#1 Your website users can request access to their personal data (name, email address, comments or any other data submitted to your website).
#2 Your website users can download and view their personal data (as per Article 15 of GDPR).
#3 Your website users can request for their personal data to be removed (as per Article 18 of GDPR).
Now in order to create such functionality on your WordPress website, you have got two options:
#1 Hire a WordPress developer to create, test, and maintain such functionality for you.
#2 Use a readymade WordPress plugin.
I prefer the latter.
If you navigate to the ‘contact us’ page of my website, you will see a new option named ‘Request Personal Data’:
Once you click on this option, you will be asked to enter your email address:
Once you submit your email address, you will automatically get an email notification which contains a link to download and view your personal data:
Following is the content of this email:
When a user clicks on the ‘Check Your Personal Data’ button, he lands on a page through which he can download all of the personal data he submitted on my website.
This includes blog post comments and any or all form fields (submitted via a contact form):
As you can see from the screenshot, the user also has the option to send delete requests for blog post comments and/or form entries.
When a user requests to view his personal data, I as DPO (data protection officer) for OptimizeSmart, get an email notification for a request to view personal data:
Following is the content of this email:
When I click on the ‘checklist of requests’ button, I can see the list of all data requests made by the users in my WordPress admin panel:
This functionality is really handy for a high-traffic website like mine, as I get tens of thousands of people visiting my website every single day and I can’t manually manage or maintain records of data requests and/or delete requests (though I haven’t got any such request so far, but just in case).
If I need to check the list of delete requests, I can click on the ‘Delete Requests’ tab:
Here I get the option to delete personal data or make personal data anonymous:
I also get an email notification every time a website user sends a delete request:
Following is the content of this email:
If I click on the ‘check all requests’ button, I will be redirected to the page (within WordPress admin panel) which lists all of the delete requests.
The WordPress plugin that I use to generate this functionality is https://wp-gdpr.eu/. This plugin is free to use, but the add-ons they provide to make your contact forms GDPR compliant require an annual subscription.
I use the Gravity Forms plugin to host my contact form, so I use their ‘Gravity form add-on’ plugin. It costs around 20 euros a year (around US $24/year).
Through the free version, you can handle all the view and delete requests for the blog post comments submitted on your website. But in order to handle all the view and delete requests for the personal data submitted via your contact form (where most of the personal data is collected), you would need to purchase the add-on relevant to your contact form from ‘WP-GDPR’.
‘WP-GDPR’ has got add-ons for: Gravity Forms, Contact Form 7 DB, WooCommerce, Flamingo, and MailChimp.
Accept or decline Cookie Tracking
The second plugin that can make your WordPress website GDPR compliant pretty fast is: Surbma – GDPR Proof Cookies
This plugin helps your website to comply with GDPR cookie regulations by asking every visitor to accept or decline cookie tracking.
If a visitor chooses to decline, then no visitor data will be sent to third-party services.
If a visitor accepts tracking, then data will be sent to third parties.
So visitors can choose to be tracked or not, before they visit any page of the website.
The cookie saved by this plugin is not storing any sensitive personal data; it is storing only two fixed values: “yes” or “no”.
This cookie management is GDPR proof, as it is impossible to identify any user with the cookie data. Cookies will expire in 30 days by default.
Source: https://wordpress.org/plugins/surbma-gdpr-proof-google-analytics/
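The consent behaviour described above, sketched as an added example (not the plugin's code). The cookie name `tracking_consent`, the cookie attributes and the script-list helper are assumptions; only the two fixed values and the 30-day default come from the text.

```javascript
// Added example: consent gate for a yes/no cookie.
const CONSENT_COOKIE = "tracking_consent";   // hypothetical name, not the plugin's
const MAX_AGE_SECONDS = 30 * 24 * 60 * 60;   // 30-day default from the text

// Return "yes", "no", or null (no valid choice recorded) from a Cookie header
// or document.cookie string. Anything other than the two fixed values counts
// as "no choice", so a malformed or tampered cookie never enables tracking.
function readConsent(cookieString) {
  let found = null;
  for (const part of String(cookieString || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    const name = part.slice(0, eq).trim();
    const value = part.slice(eq + 1).trim();
    if (name !== CONSENT_COOKIE) continue;
    if (value !== "yes" && value !== "no") return null; // unknown value
    if (found !== null && found !== value) return null; // conflicting duplicates
    found = value;
  }
  return found;
}

// Build the Set-Cookie / document.cookie string that records a choice.
// Only the fixed values are ever written; no identifier is stored.
function buildConsentCookie(choice) {
  if (choice !== "yes" && choice !== "no") {
    throw new TypeError("choice must be 'yes' or 'no'");
  }
  return `${CONSENT_COOKIE}=${choice}; Max-Age=${MAX_AGE_SECONDS}; ` +
         "Path=/; SameSite=Lax; Secure";
}

// Third-party tracking is allowed only after an explicit "yes".
function trackingAllowed(cookieString) {
  return readConsent(cookieString) === "yes";
}

// Filter a list of third-party script URLs down to what may be injected.
// Before a choice is made, or after "no", the result is empty.
function scriptsToLoad(cookieString, thirdPartyScripts) {
  return trackingAllowed(cookieString) ? [...thirdPartyScripts] : [];
}
```

The point to check on a live site is the default case: with no consent cookie present, the browser's network log should show no requests to third-party tracking hosts.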
The free version of this plugin is available, but it has got very limited features.
You would be better off using the paid versions (around $15 a year), where you can carry out full customization (like adding a link to your privacy policy page, GA Tracking Code Customization), full cookie control, and GA IP anonymization.
The plugin author promises to provide support for Facebook pixel, Google Remarketing, Hotjar, etc. in the near future.
By the way, I am not paid in any shape or form to promote these two plugins. I just found them useful and that’s why I am sharing them with you.