Web Niraj
Meeting your GDPR Obligations with New Export Features in WordPress

By now, your WordPress blog or website should be GDPR compliant (the law came into effect today). Two of the GDPR obligations you need to fulfil are Subject Access Requests (SAR) and allowing your users or visitors to erase their data. Luckily, WordPress 4.9.6 provides two new tools to allow you to achieve just that.

The Tools section in WordPress has been updated with two new pages:

  • Export Personal Data – helping you deal with SARs, where the user requests what data you hold about them.
  • Erase Personal Data – allowing you to delete a user’s personal details easily (if they are tied to an email address).

Export Personal Data

The [Export Personal Data] option lets you enter a user’s email address, which then needs to be verified by the owner of that email. Once the email has been verified, you (as the website owner) can generate a zip file of the user’s data, which is automatically emailed to the user.

If the email address was used on the site (whether in comments or as an account), the export will contain all the information about the user. I’ve produced the below report for one of the users on my site (with all personally identifiable information (PII) obscured):

As you can see, the report contains the comments this user has made on the site, along with some PII (i.e. the email address, name and IP address). The report could also contain images uploaded by the user, in which case a URL to the uploaded file is included in the report.

If the user’s email address isn’t used, a report will still be generated and sent, but it would only contain the email address the report was generated for, and date / time of the report.

The report is automatically emailed to the user in a Zip file, which contains an HTML report. Exports are cached on the server for 3 days and then deleted.

Erase Personal Data

The [Erase Personal Data] option helps you meet your erasure obligations by letting you easily delete any user data on your site.

Like the above Export tool, it allows you to enter a user’s email address to verify their request. Once the request has been verified, you can action the deletion of their personal data from your site.

Things to be aware of

The two above tools may not work with any plugins you use that collect personal data, unless they have been specifically updated to work with the tools. WordPress provides hooks developers can use to make their plugins compatible with the exporter tools, but it’s up to the developers to implement the functionality.

Until such time as your favourite plugin has been updated, you may still need to export or erase some personal data manually.

 

Data Export, GDPR, WordPress, WordPress Plugins

© 2011-2019 Niraj Shah