This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

GDPR Personal Data Reports

Description

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Union intends to strengthen and unify data protection for all individuals within the EU. It becomes enforceable from the 25th of May 2018.

The Right of Access (Article 15 of GDPR) gives citizens the right to get access to their personal data and information about how these personal data are being processed. A Data Controller (You) has to provide, upon request, an overview of the categories of data that are being processed (Article 15(1)(b)) as well as a copy of the actual data (Article 15(3)).

PERSONAL DATA REPORTS

Our extension will provide your customers with an automated process of requesting and retrieving their personal data with the following steps:

Step 1. Customer visits a GDPR request form and submits a request by providing their email address.
Step 2. If the email is valid and belongs to an existing customer, a confirmation email is sent.
Step 3. If the confirmation link is clicked, the customer is presented with a confirmation screen and a personal data report is generated for them.
Step 4. Customer receives their personal data report by email.

RIGHT TO BE FORGOTTEN

The extension provides your customers with an automated process to request removal of their personal data. Once the account ownership is verified, the extension will anonymise some data (user table data) and delete some data (user meta table).

Minimum Requirements

  • PHP version 5.2.4 or greater (PHP 5.6 or greater is recommended)
  • MySQL version 5.0 or greater (MySQL 5.6 or greater is recommended)

Automatic installation

Automatic installation is the easiest option as WordPress handles the file transfers itself and you don’t need to leave your web browser. To do an automatic install of GDPR Personal Data Reports, log in to your WordPress dashboard, navigate to the Plugins menu and click Add New.

In the search field type “GDPR Personal Data Reports” and click Search Plugins. Once you’ve found our eCommerce plugin you can view details about it such as the point release, rating and description. Most importantly of course, you can install it by simply clicking “Install Now”.

Manual installation

The manual installation method involves downloading our plugin and uploading it to your webserver via your favourite FTP application. The WordPress codex contains instructions on how to do this here.

Updating

Automatic updates will prompt you to update the plugin from time to time.

Setting Up / Configuration

Once the plugin is installed and activated please visit Settings -> GDPR Settings and configure all fields according to your needs.

To include any of the user and product metadata in the report you need to set them to ‘Yes’ and add corresponding label text in the ‘GDPR User Fields’ and ‘GDPR Post Fields’ tabs.
If you want to allow users/customers to delete their accounts automatically, please set the ‘Right to be Forgotten’ setting to ‘Yes’.

More details about the configuration fields:
  • ‘Other locations/services where you store personal data’ – other systems or services that can reuse personal data from your WordPress installation, for example Mailchimp. The content of this field will be attached to the personal data report sent to the customer.
  • ‘Physical locations of servers where you host your website and other data’ – the physical locations of the servers where your installation is hosted. The content of this field will be attached to the personal data report sent to the customer.
  • ‘Max Requests per Day’ – the maximum number of requests that a customer is allowed to submit per day. We recommend setting this to a low value, no more than 5.
  • ‘Max Confirmation Attempts’ – the maximum number of confirmation attempts allowed per request. We recommend setting this to 3; it cannot be set to more than 10 attempts.
  • ‘GDPR Email Header’ – this text will be added in the header of the personal data report email. You can include basic HTML here.
  • ‘GDPR Email Footer’ – this text will be added in the footer of the personal data report email. You can include basic HTML here.
  • ‘Limit of Requests Displayed in the Log’ – the maximum number of requests displayed in the ‘GDPR Request Log’ tab.
  • ‘Give customers “Right to be Forgotten”’ – if you want to allow your customers to delete their accounts, this needs to be set to ‘Yes’. Setting this to ‘No’ will disable the form even if you have a page with the shortcode active.
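
The request and confirmation steps described earlier, together with the ‘Max Requests per Day’ and ‘Max Confirmation Attempts’ limits, can be pictured with the following added example. It is not the plugin's own code: the class, method names and in-memory storage are hypothetical, it assumes PHP 7.4 or later, and it leaves out the existing-customer check and the email sending.

```php
<?php
// Added illustration, not the plugin's code. All names here are hypothetical.
const MAX_REQUESTS_PER_DAY = 5;   // mirrors 'Max Requests per Day'
const MAX_CONFIRM_ATTEMPTS = 3;   // mirrors 'Max Confirmation Attempts'
final class GdprRequestStore
{
    private array $requests = []; // request id => stored record (in memory only)

    // Steps 1-2: record a request; the returned id and token go into the emailed link.
    public function open(string $email, int $now): ?array
    {
        $email = strtolower(trim($email));
        $recent = array_filter($this->requests, fn($r) =>
            $r['email'] === $email && $now - $r['created'] < 86400);
        if (count($recent) >= MAX_REQUESTS_PER_DAY) {
            return null;          // daily cap reached: no further email is sent
        }
        $id    = bin2hex(random_bytes(8));
        $token = bin2hex(random_bytes(32));
        // Store only a hash, so a copy of the table does not yield working links.
        $this->requests[$id] = ['email' => $email, 'hash' => hash('sha256', $token),
            'attempts' => 0, 'created' => $now, 'done' => false];
        return ['id' => $id, 'token' => $token];
    }

    // Step 3: check the clicked link; returns the email to build the report for.
    public function confirm(string $id, string $token): ?string
    {
        if (!isset($this->requests[$id])) {
            return null;
        }
        $r = &$this->requests[$id];
        if ($r['done'] || $r['attempts'] >= MAX_CONFIRM_ATTEMPTS) {
            return null;          // already used, or attempts exhausted
        }
        $r['attempts']++;         // count first, so wrong guesses are bounded
        if (!hash_equals($r['hash'], hash('sha256', $token))) {
            return null;
        }
        $r['done'] = true;        // a confirmation link works once
        return $r['email'];
    }
}

// Constructed sample run: one wrong token, then the real one.
$store = new GdprRequestStore();
$link  = $store->open('joe@example.com', time());
var_dump($store->confirm($link['id'], 'wrong-token'));
var_dump($store->confirm($link['id'], $link['token']));
```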

Once you have completed the configuration, follow the steps below:

  1. Create pages for each form – one for data report and one for right to be forgotten (this is optional as you can include the forms in an existing page like privacy policy text. It is not recommended to insert both forms on one page).

  2. Insert the forms shortcodes on the pages:

    • GDPR Data Report: [gdpr-request-form]
    • Right to be Forgotten: [gdpr-forget-me-request-form]
      Both shortcodes can accept 3 parameters that allow you to add custom styles for headers, paragraphs and submit buttons.
      Example shortcode with custom classes added should look like:
      [gdpr-forget-me-request-form text_classes="class1 class2" header_classes="class3" button_classes="class4"]

Screenshots

  • General settings.
  • User field to be displayed in the GDPR report.
  • GDPR request log.
  • Page with the GDPR request form embedded.
  • Confirmation email.
  • Right to be forgotten request confirmation email.
  • Report email.

FAQ

How is personal data deleted?

Any user meta data is deleted. Any user data in the user table is anonymized, which means the record remains in the database and can still be linked with other data by id, but no personal data can be retrieved anymore.

Sample data before anonymization:
user_login: joe_admin; user_nicename:joe; user_email: joe@example.com

Sample data after anonymization:
user_login: XJbmJ0tu8; user_nicename:8ty; user_email: Ti4g51CbuL5ttsD3

Can the plugin be translated to my language?

Yes, a base .pot file is included so it can be translated to your language.

Reviews

May 16, 2018
I couldn’t see how I could customise the emails and more importantly when I clicked on the confirmation link in the emails, the message that I received in the website was “Please make sure you are using a complete confirmation link”. I don’t have time to dabble with the code to fix it.
May 14, 2018
A simple but sufficient tool for handling the rights that RODO (GDPR in English) introduces from 25 May 2018 with regard to customer requests. PS. Mostly translated into Polish (14-05-2018)
May 11, 2018
This plugin is great, well done! It makes it easy to provide users with the ability to either request an automated report showing their data used on the site, or request their account and data be deleted. The logging of these requests is very handy too.
April 17, 2018
I have searched high and low to find a GDPR plugin that just works. One I can install on my WordPress site and on my clients’ WordPress sites, without the need to perform under the hood configuration. None of the plugins worked as expected. This plugin works as described, is easy to install, easy to configure (with short codes) and emails simple to read reports and requires the user to verify the address for both information requests and deletion requests. I would highly recommend this plug in! Thank you to the developers for ending weeks of frustration and helping get my sites GDPR ready with little fuss!

Contributors & Developers

“GDPR Personal Data Reports” is open source software. The following people have contributed to this plugin.


Changelog

1.0.0 Initial release.
1.0.1 Added plugin prefix to all plugin CSS classes.
1.0.2 Added CSS wrapper class to the forms code.
1.0.3 Add German language files.
1.0.4 Fix issues with the forget me form.
1.0.5 Update how request record is created.