As the new privacy law — the General Data Protection Regulation (GDPR) — is about to come into effect, all sorts of plugins are marketed to help you get GDPR compliant. In this article we cover six practical WordPress plugins that enable you to make your WordPress website GDPR-proof!
GDPR Consent Plugin (€ 39 per year)
For WordPress websites in Europe, Sowmedia launches the GDPR Consent Plugin: a plugin for WordPress with which you first ask permission from your visitors, before your other WordPress plugins (and scripts) start collecting personal data. This way you prevent your website from already collecting personal data before your visitor has given permission for this. The GDPR Consent Plugin lets you define exactly which consents you want to request of your visitors, allowing you to present a clear overview of unique required and optional consents for your visitors to interact with. This GDPR Consent Plugin is the most complete WordPress cookie & consent plugin of all.
Delete Me (free)
The GDPR issues the ‘right to be forgotten’. This basically means that you have to be able to erase someone’s personal data within a reasonable timespan upon their request. You could, of course, do this manually, but the WordPress plugin Delete Me offers your visitors to it themselves — that is, when it comes to data gathered by your website. Users can remove all their own posts and links, including their reactions to articles.
This plugin particularly comes in handy when you have a subscriber website or an active user group that regularly responds to your articles. Be aware, though, that this plugin will not remove data stored separately by additional plugins you may have added to your WordPress website.
Wider Gravity Forms Stop Entries (free)
The Gravity Forms plugin is our number one favorite plugin to build advanced forms for WordPress websites. Its form entries are stored in your WordPress site, but can also be mailed or forwarded to third parties, such as email marketing software. In case your entries are directly forwarded to another system, you may not need to additionally store these entries in your WordPress site.
The GDPR requires you to refrain from needlessly storing user data. This is why the Wider Gravity Forms Stop Entries is so convenient. This plugin removes entries immediately in your WordPress database, so form entries will only be stored in your external systems (or your mailbox). The only drawback is that you don’t have a backup of these entries any more in case you discover the link to your external system to be unresponsive, for instance. Alternatives to tackle this are the plugins below.
Gravity Forms Encrypted Fields ($ 27)
Do you store Gravity Forms entries within your website? Then you can protect these by encrypting them. The WordPress plugin Gravity Forms Encrypted Fields ($ 27) does this for you. User data is encrypted by this plugin within the database. Next, you can configure which persons are allowed to view specifically allotted entries. This may be required, particularly when you are gathering high risk personal data (like Social Security Numbers or medical information) that is not meant to be seen by all WordPress editors and administrators.
WP GDPR Compliance (free)
The GDPR demands ‘explicit consent’ of your visitors to allow you to process their data. Whether you want your visitors to subscribe to a newsletter, fill in a contact form, or react to a message, permission is required. Such explicit consent can be realized by virtue of providing a tick box for example. However, should a tick box be marked by default, then you are overriding the ‘privacy by default’ principle.
Forcing explicit consent in your WordPress website is largely done manually. Again, make sure that tick boxes aimed at having users agree with your terms, are not ticked by default. Fortunately, WP GDPR Compliance imbeds such tick boxes for you and supports plugins like Contact Form 7, WooCommerce and WordPress Comments. The author of this plugin has announced future support for other plugins as well.
Policy Genius (free)
An important part of GDPR compliance is making your privacy policy transparent. It is common practice to facilitate a link to a privacy policy in the footer of a website. Drawing up such protocols can be quite an endeavor. However, once you have constructed one that is explaining your policy in a clear and complete manner, you can then refer to it from any part of your website (for instance, places where you ask your visitors’ explicit consent).
The free WordPress plugin ‘Policy Genius’ helps you draw up a privacy policy in a few easy steps. This is no guarantee, however, that your policy then meets all requirements. It would be best to consult a lawyer to be safe.