Privacy Tools page: accessing, exporting and deleting personal data
GDPR grants individuals many new rights regarding their personal data. From the perspective of your WordPress website, the three most important rights are:
- Your visitors can request to access any personal data you’ve gathered about them
- Your visitors can request to export their personal data in machine-readable format
- Your visitors can request to delete their personal data
Unless you have a good, legally backed reason, you are obliged to comply in 30 days.
Note that even if your website does not have user accounts, you might still be collecting visitors personal data. For example, analytics, comments, reviews and any kinds of form submissions may contain personal data.
The GDPR Framework provides an automatic, configurable solution for all this. Read more below.
Granting access (GDPR Art. 15)
The data subject has the right to know whether their personal data is being gathered and/or processed. If this is the case, they have the right to access the data. The right to access includes the right for the copy of their personal data that is being processed. An electronic copy is sufficient in most cases.
Obviously, you have to identify the data subject before giving out any information.
Note that this doesn’t include data about a person that you have created. For example, if you have stored a customer’s shopping history on your site, you’ll need to provide access to it. However, if you’ve made notes about which products you should recommend to them based on their shopping history, then you don’t need to share these notes.
Erasure of personal data – right to be forgotten (GDPR Art. 17)
The data subject has the right to demand erasure of their personal data if:
- basis for processing was consent and he/she withdraws it;
- data is not needed for the purpose it was gathered;
- processing was not lawful;
- there is a legal obligation for erasure.
Note that if you have shared a data subject’s personal data with a third party, you are obliged to inform them that this data has to be erased.
Most of the time, if a data subject requests erasure and the above mentioned conditions are met, you are obliged to comply. However, there are some exceptions. The most relevant exception is probably invoice data, which you are probably legally obliged to keep. Read more about this here.
Obligation to provide data portability option (GDPR Art. 20)
The data subject may decide to take all their personal data from you and go somewhere else with it. This means that you have to be able to provide the data to them in a machine-readable format or alternatively, transfer it directly to another company or service. The obligation to provide data portability is valid only if:
- processing is based on data subject’s consent, and
- processing is carried out by automated means
What you can do right now
The WordPress GDPR Framework provides a Privacy Tools page where visitors can authenticate via email or login. On that page, they will be able to:
- Request to view their personal data,
- Request to export their personal data in a machine-readable format,
- Request to delete their personal data,
- View and withdraw consents they have given (more on that later).
You can configure the plugin to allow customers to view, export or delete their personal data automatically – or you can have the plugin send you an email notification instead so you can handle their request manually. You can also configure the plugin to anonymize data instead of deleting it. This might be useful for analytics purposes, subscriptions, etc. Read more about how anonymization works.
An important note regarding handling visitor requests manually
A side effect of GDPR is that people are going to start abusing their new rights. We are aware of at least one big, respected law agency who is telling many of their clients that they’ll probably see no more than 5-6 of these requests per month. This is naive and dangerous. Internet brigading is a real threat. It’s not too difficult to find 100 people who are willing spend 5 minutes to create an account and then request data from you. If there are groups of people who are annoyed with your company for some reason, this number can grow significantly. Be prepared and automate everything.
In the case of the GDPR Framework, if you have the “download” and “delete” buttons on your website, you should expect that people will use them. Be careful if you configure the plugin to only notify you. Consider how long it takes to handle a request manually and then consider what happens if you get 10 of these in a day. Or what if you get 100?
However, if you have a small website, this is probably not something you need to worry about.
Configuring the plugin
The GDPR Framework can be configured in the admin dashboard via Tools > Privacy.
Here is an overview of all the configuration options.
Enabling Privacy Tools
Selecting the Privacy Tools page
Note that this dropdown only controls where various links on your website point to (more on that later). The actual contents of the page are displayed by adding the [ gdpr_privacy_tools ] shortcode (without spaces) inside the page content.
Configuration options: View / Export data
Let’s go over the options:
Automatically allow the customer to download data.
The data subject will be able to download all the data in HTML or JSON format automatically.
Automatically download data and notify you via email.
This is useful if you want to see how often this feature is used, or if you want to double-check what kind of data the data subject has received.
Only notify you via email.
This is useful if you need to get some of the data manually or if you want to double-check the data before sending it to the data subject. However, note that in this case, you are obliged to send the data to the customer manually within 30 days.
Exporting customer data manually
Configuration options: Delete data
Automatically anonymize data.
All customer data is anonymized. Their account will not be deleted, but their username is removed and they will no longer be able to log in. Their comments will be deleted. Read more about how anonymizing data works.
Automatically delete data.
All customer data and comments are automatically deleted, including their account, if they have one.
Automatically anonymize data and notify you via email.
The customer email (and account ID, if there is one) will be sent to you via email. This allows you to double-check your database. Read more about how anonymizing data works.
Automatically delete data and notify you via email.
The customer email (and account ID, if there was one) will be sent to you via email. This allows you to double-check your database.
Only notify you via email.
This is useful if you want to double-check the data before removing it. However, note that in this case, you are obliged to delete or anonymize the personal data within 30 days.
An important note on emails
The notification emails contain the data subject’s email address, which also counts as personal data. You should delete them once you no longer need them (and within 30 days).
Deleting and reassigning content
If you configure the GDPR Framework to automatically delete personal data, you also have the option to select whether any content (e.g. pages, posts) created by the deleted user account is also deleted or assigned to another user instead. If your website doesn’t allow customers to create posts or other content (excluding comments and reviews), you can safely ignore this option.