How to Create GDPR Compliant Forms?


GDPR stands for General Data Protection Regulation and is a European regulation meant to give consumers more control over their personal data. All organizations handling personal data of citizens or residents of the European Union (EU) have to comply with GDPR. This rule will be in effect from May 25th, 2018.

If you are a website owner who collects user data such as email, address, phone number and so on from EU residents, then you need to comply with the GDPR law. Since our plugins User Registration and Everest Forms collect user data, we will outline the ways to make your site GDPR compliant.

How to make Everest forms GDPR compliant

How to make User Registration GDPR compliant

Please remember that this is not legal advice and shouldn’t be taken as final advice. We are not in a position to provide you with any legal advice on GDPR compliance. Please consult your lawyer for legal advice on compliance for your site.

How to make Everest Forms GDPR Compliant?

If you are using Everest Forms on your site to collect user information, here are a few things you need to do to make your forms GDPR compliant.

Note: Make sure that you have updated the plugin to the latest version or higher than version 1.1.6

Asking for User Consent

Before a user submits a form, make sure they are presented with a checkbox asking for their consent or approval for collecting their personal data. Create a privacy policy and let your users clearly know how the submitted data will be used. This can be easily done in Everest Forms by using the Checkboxes field. You can create a GDPR Agreement checkbox and make sure it is required in order for the form to be submitted. Also, make sure the agreement is not hidden among other terms and conditions and is clearly accessible.


Right to access data

As per GDPR, users have the right to access the data that has been submitted or stored. This can be achieved by simply creating a data request form on your privacy policy page. You can then search for the user’s data by name, email and other parameters using the search field.


Also, you can completely disable the form entries. This can be done from Settings->General->Disable Form entries.

When form entries are disabled, form data is not stored on your site and is sent directly to your email.


Right to be Forgotten

If you are storing the form entries, then you can also search and delete them. You can search by name, email address and other fields. The submitted data can be easily deleted as per the user’s request. Make sure you allow your users to contact you easily if they wish to have their data deleted. This can be done by placing a simple form and providing the form link on your privacy policy.

Disable IP Address and User Agent stored in database.

By default, our plugin stores the IP address and user agent with form entries. You can simply disable this from Everest Forms->Settings->General->Disable User Details.

How to make User Registration GDPR Compliant?

Note: Make sure your plugin is updated to the latest version of User Registration or greater than v1.3.1 

Asking for User Consent

Taking user consent before a user is registered on your site is easy. Simply use the Privacy Policy field to ask for the user’s approval. Make sure this field is marked required and clearly state how you are going to use the submitted data on your privacy policy page.


Right to access data

Your users have the right to access the data that you store on your site. The user can easily access all the data stored on your site via the account profile shortcode. For more detail, please refer to our docs. They can even change or update their personal information as needed. We have also made the User Registration plugin compatible with the Export/Erase Personal Data tool that is introduced in the latest version of WordPress, i.e. 4.9.6.

You can simply go to Tools->Export Personal Data and enter the email or username and click on Send Request. The user will then receive an email confirming whether he/she really asked for the personal data stored on your site. If the user accepts the request by clicking on the request link, the user will be listed as confirmed and an Email Data button will appear on your dashboard as shown on the screenshot below. Simply click on the Email Data button to send the user the personal data.


The user will receive a zip file inside which an HTML file will contain all the personal information including the ones that are collected by User Registration Plugin.


Right to be Forgotten

A registered user might request a site owner to delete any personal data stored by our plugin and your site. In that case, you can simply erase any personal data by using WordPress Eraser tool. Go to Tools->Erase Personal Data.

User Registration plugin hooks all the data to this tool. So if you erase the data via this tool, any extra information saved by the User Registration plugin will be deleted.

Simply enter the email or username of the user who requested their data to be deleted and click the Send Request button.

A request email will be sent to the user asking if he/she would like to delete the personal data associated with your site. Once the user clicks the link provided in the email, a button will appear to erase the data. Simply click on the Erase Personal Data button to delete any personal data associated with the plugin.


However, do remember that default user fields like Email, First Name, Last Name, Nickname etc will only be deleted once the user is manually deleted by admin from users page in your dashboard. All other extra information apart from the default WordPress fields associated will be deleted by clicking the Erase button.
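For plugin authors, the sketch below shows how extra profile data can be hooked into the Tools->Erase Personal Data screen through WordPress core's `wp_privacy_personal_data_erasers` filter. It is an added example, not the User Registration plugin's own code; the `example_forms_` prefix, the function names and the meta keys are hypothetical.

```php
<?php
/**
 * Added example: register a personal-data eraser with WordPress core (4.9.6+).
 * The "example_forms_" names and meta keys below are hypothetical placeholders.
 */
const EXAMPLE_FORMS_META_KEYS = array( 'example_forms_phone', 'example_forms_address' );

add_filter( 'wp_privacy_personal_data_erasers', 'example_forms_register_eraser' );

// Tell core which callback erases this plugin's data.
function example_forms_register_eraser( $erasers ) {
	$erasers['example-forms'] = array(
		'eraser_friendly_name' => __( 'Example Forms profile fields', 'example-forms' ),
		'callback'             => 'example_forms_erase_user_meta',
	);
	return $erasers;
}

// Core calls this with the requester's email once the request is confirmed.
function example_forms_erase_user_meta( $email_address, $page = 1 ) {
	$result = array(
		'items_removed'  => false,
		'items_retained' => false,
		'messages'       => array(),
		'done'           => true, // Only a few keys per user, so one pass is enough.
	);

	$user = get_user_by( 'email', $email_address );
	if ( ! $user ) {
		return $result; // No account, so nothing stored for this address.
	}

	foreach ( EXAMPLE_FORMS_META_KEYS as $key ) {
		if ( ! metadata_exists( 'user', $user->ID, $key ) ) {
			continue;
		}
		if ( delete_user_meta( $user->ID, $key ) ) {
			$result['items_removed'] = true;
		} else {
			// Surface failures to the admin instead of reporting a clean erase.
			$result['items_retained'] = true;
			$result['messages'][]     = sprintf( 'Could not remove %s.', $key );
		}
	}
	return $result;
}
```

The callback only touches the plugin's own user meta, which matches the behaviour described above: core fields such as Email and First Name stay until the admin deletes the user account.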

If you have any queries then just drop your comment or contact us directly via our contact form.

Rabin

An Electronics engineer by qualification who fell in love with WordPress and coding stuff in early 2012. Always looking to deliver something new and eagerness to learn stuff around the web is what keeps me sane for all these years.
