Documentation

Ideally 3rd-party plugins and WordPress Core take care of everything GDPR related on their own and our plugin isn’t needed at all. But as of now (May 2018) taking care of GDPR is fragmented with every plugin developer figuring out the best solution on their own. As a WordPress development agency we figured whenever we help a client get a certain plugin or theme compliant as best we can we might as well share it through the WP GDPR Compliance plugin with the whole community.

Most features of the WP GDPR Compliance plugin are very impactful: to comply with GDPR we add checkboxes, create pages and log certain data, and give you control over all of that.

On this page we tell you what ALL of the options do and how you can use them to your benefit.

Last updated for version: 1.4.4

= = = = =

Installation

Install through the WordPress Plugin Directory or upload the plugin through your favorite FTP-client.

We now talk you through all of the plugin’s functions.

= = = = =

Integrations tab

The Integrations tab shows you the 3rd-party plugins we support IF you have any of those activated on your site already:

  • Contact Form 7 (>= 4.6)
  • Gravity Forms (>= 1.9)
  • WooCommerce (>= 2.5.0)
  • WordPress Comments (WP Core)

We cannot support WP Comments when you use Jetpack.

= = = = =

Integrations tab: Contact Form 7 (CF7)

If you use Contact Form 7 and enable GDPR compliance you will see all of the active forms you have already created. You can then activate the GDPR checkbox for each form individually.

Activating means ‘adding a checkbox’ to that form. When active you are presented with a ‘Checkbox text’ (the text that accompanies the checkbox) and an ‘Error message’ for when someone does not tick the checkbox.

Within both fields you are free to use certain HTML tags:

The %privacy_policy% tag

We created this specifically for this plugin and let you control it under Settings. It simply creates a link to your Privacy Policy page. A page you should create yourself in WordPress.

Contact Form 7 doesn’t store any data (and thus no consents)

Because Contact Form 7 sends its submitted messages to you via email rather than storing them in the WordPress database, the WP GDPR Compliance plugin doesn’t store ANY data going through CF7.

Hook(s) used for Contact Form 7

wpgdprc_cf7_mail_body_output
wpgdprc_cf7_checkbox_text
wpgdprc_cf7_error_message
wpcf7_init
wpcf7_before_send_mail
wpcf7_validate_wpgdprc

= = = = =

Integrations tab: Gravity Forms (GF)

Activating the GDPR checkbox per form for Gravity Forms works the same as with Contact Form 7. First you enable the integration with Gravity Forms after which all of your existing forms will show up and you can activate the GDPR checkbox for each form.

Activating means ‘adding a checkbox’ to that form. When active you are presented with a ‘Checkbox text’ (the text that accompanies the checkbox) and an ‘Error message’ for when someone does not tick the checkbox.

Within both fields you are free to use certain HTML tags:

Gravity Forms stores consents in the entries

To make everything fit neatly together we log the consent given in the Gravity Forms entry itself.

This means after you’ve activated the GDPR checkbox for a form a ‘Privacy’ column will show up when you view the entries for that form in Gravity Forms. And in that column it can say one of two things per entry: ‘Not accepted’ or ‘Accepted on [date, time]’. The date and time notation will correspond with that of your WordPress installation.

‘Not accepted’ is the default value because before you were using WP GDPR Compliance visitors couldn’t comply yet. 😉

Hook(s) used for Gravity Forms

wpgdprc_gforms_field_args
wpgdprc_gforms_accepted_date_column_in_entry_overview
wpgdprc_gforms_accepted_date_in_entry_overview
wpgdprc_gforms_accepted_date_in_entry
wpgdprc_gforms_accepted_date_to_entry
wpgdprc_gforms_validation_message
wpgdprc_gforms_checkbox_text
wpgdprc_gforms_error_message
wpgdprc_gforms_required_message
gform_entries_field_value
gform_get_field_value
gform_entry_list_columns_
gform_save_field_value_
gform_validation_

= = = = =

Integrations tab: WooCommerce (WC)

When enabling the GDPR checkbox for WooCommerce it will add a checkbox to your checkout page instantly. After activating you are presented with a ‘Checkbox text’ (the text that accompanies the checkbox) and an ‘Error message’ for when someone does not tick the checkbox.

Within both fields you are free to use certain HTML tags:

Most WooCommerce shops are already using a ‘Terms and conditions’ checkbox which can be found under WooCommerce > Settings > Checkout tab. Right now the GDPR plugin does not do anything with this particular checkbox so you might want to switch it off and mention your terms in the GDPR ‘Checkbox text’.

WooCommerce stores consents in the orders

To make everything fit neatly together we log the consent given in each order itself.

This means after you’ve activated the GDPR checkbox for WooCommerce each order contains a GDPR status which is either ‘Not accepted’ or ‘Accepted on [date, time]’. The date and time notation will correspond with that of your WordPress installation.

‘Not accepted’ is the default value because before you were using WP GDPR Compliance visitors couldn’t comply yet. 😉

Hook(s) used for WooCommerce

wpgdprc_woocommerce_field_args
wpgdprc_woocommerce_accepted_date_in_order_data
wpgdprc_accepted_date_column_in_woocommerce_order_overview
wpgdprc_accepted_date_in_woocommerce_order_overview
woocommerce_checkout_process
woocommerce_register_post
woocommerce_review_order_before_submit
woocommerce_register_form
woocommerce_checkout_update_order_meta
woocommerce_admin_order_data_after_order_details
manage_edit-shop_order_columns
manage_shop_order_posts_custom_column

= = = = =

Integrations tab: WordPress Comments

When enabling the GDPR checkbox for WordPress Comments a checkbox will be added to your comment form right away. When active you are presented with a ‘Checkbox text’ (the text that accompanies the checkbox) and an ‘Error message’ for when someone does not tick the checkbox.

Within both fields you are free to use certain HTML tags:

When using Jetpack Comments the checkbox can sadly not be added.

WordPress Comments stores consents in the comments

To make everything fit neatly together we log the consent given in each comment itself.

This means after you’ve activated the GDPR checkbox for WordPress Comments each comment contains a GDPR status which is either ‘Not accepted’ or ‘Accepted on [date, time]’. The date and time notation will correspond with that of your WordPress installation.

‘Not accepted’ is the default value because before you were using WP GDPR Compliance your visitors couldn’t comply yet. 😉

Hook(s) used for WordPress Comments

wpgdprc_wordpress_field
wpgdprc_accepted_date_column_in_comment_overview
comment_form_submit_field
pre_comment_on_post
comment_post
manage_edit-comments_columns
manage_comments_custom_column

= = = = =

Consents tab

Under GDPR you need to ask visitors to give their explicit consent for tracking scripts and cookies. In this tab you can add and remove the necessary scripts one by one. For example most sites will add their Google Analytics or Facebook Pixel code here.

The fields per Consent are:

  1. Active checkbox – if you want this Consent to show up for your visitors or not.
  2. Title – the main ‘reason’ you are asking permission for. This can be the name of a tool (‘Google Analytics’) or it can be broader (‘Advertising’) depending on your needs.
  3. Description – an in-depth description of what people are agreeing to and what this will mean for their personal data and their visit.
  4. Code Snippet – this is where you add the code.
  5. Code Wrap – wrap in <script> tags or not.
  6. Placement – whether you want the Code Snippet to be added in the ‘head’ or ‘footer’ of your site.
  7. Required checkbox – if giving the consent is absolutely necessary.

Consents in the Settings tab

Under the Settings tab you find several things regarding the Consents. First off: when an active Consent is present a ‘Consent bar’ will show on the frontend of your website informing every visitor of their rights. This bar contains a ‘My settings’ text link and an ‘Accept’ button.

‘My settings’ leads to a modal (a kind of popup) showing all of the created Consents. Per Consent a visitor can allow for the script to be placed or not.

‘Accept’ means all the active Consents are accepted as ‘on’ or ‘allowed’.

On the Settings tab you can edit the explanation in the bar itself and change the title and description of the modal.

Because withdrawal of consent needs to be as easy as giving it, we’ve created a shortcode and a menu class so your visitors can get to the modal after accepting.

{wpgdprc_consents_settings_link}My settings{/wpgdprc_consents_settings_link}

Make sure you replace the { and } tags for [ and ]. Of course you can change ‘My settings’ to whatever text you want.

The menu class is: wpgdprc-consents-settings-link

If you don’t see the option to add a menu class to your WordPress menu go to Appearance > Menus > Screen Options (top right) > tick the ‘CSS Classes’ checkbox.

= = = = =

Requests tab

Yet another part of GDPR allows your visitors to view, edit and delete the data you have stored on them. By creating the page through Settings tab > Request User Data > Activate page or by simply putting this shortcode {wpgdprc_access_request_form} on a page you let your visitors send in such a request. We call this the ‘access request’.

Make sure you replace the { and } tags for [ and ].

In the Requests tab all of the access requests are shown and when data linked to the provided email address can be found it shows up in the ‘Requests to Process’ column. Clicking on this number lets a website owner investigate data found.

‘0’ (null) simply means no data with that email address could be found.

This request collects:

  • WordPress Users
  • WordPress Comments
  • WooCommerce orders

An email is then automatically sent to the requester containing a link to the Request User Data page on your website. This time the page shows Users, Comments and Orders found or gives a notification if nothing was found. Found data can then be ticked to be deleted. This is the ‘Delete Request’ and again shows up under the Requests tab.

This link is available for 24 hours and can only be reached from the same device, IP address and browser session the request was performed on.
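
One way a link with these properties can be built, as an added example that is not the plugin's own code: an HMAC-signed token that carries its expiry and is bound to a fingerprint of the session, IP address and browser. The function names, the token layout and the use of the User-Agent string as the device signal are assumptions made for the illustration.

```php
<?php
// Added example, not the plugin's code. Every name here is hypothetical.
const LINK_TTL = 86400; // 24 hours, the lifetime stated above

// Fingerprint of the context the request was made from.
function context_fingerprint(string $sessionId, string $ip, string $userAgent): string
{
    return hash('sha256', $sessionId . "\n" . $ip . "\n" . $userAgent);
}

// Token = base64(email) . expiry . HMAC over both plus the fingerprint.
function issue_token(string $secret, string $email, string $fingerprint, int $now): string
{
    $payload = base64_encode(strtolower($email)) . '.' . ($now + LINK_TTL);
    return $payload . '.' . hash_hmac('sha256', $payload . '.' . $fingerprint, $secret);
}

// Returns the email the token was issued for, or null when it must be rejected.
function verify_token(string $secret, string $token, string $fingerprint, int $now): ?string
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null; // malformed
    }
    [$emailB64, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $emailB64 . '.' . $expires . '.' . $fingerprint, $secret);
    if (!hash_equals($expected, $mac)) {
        return null; // tampered, or opened from another session, IP or browser
    }
    if (!ctype_digit($expires) || (int) $expires < $now) {
        return null; // link is older than 24 hours
    }
    $email = base64_decode($emailB64, true);
    return $email === false ? null : $email;
}

// Constructed sample values.
$secret = 'constructed-demo-secret';
$now = 1526342400;
$fp = context_fingerprint('sess-abc123', '203.0.113.7', 'ExampleBrowser/1.0');
$token = issue_token($secret, 'visitor@example.com', $fp, $now);
$otherIp = context_fingerprint('sess-abc123', '198.51.100.9', 'ExampleBrowser/1.0');

var_dump(verify_token($secret, $token, $fp, $now + 3600));          // same context, within lifetime
var_dump(verify_token($secret, $token, $fp, $now + LINK_TTL + 1));  // after expiry
var_dump(verify_token($secret, $token, $otherIp, $now + 3600));     // different IP address
```

Because the fingerprint is part of the MAC input and never travels in the link, a link forwarded from the requester's mailbox fails verification anywhere except in the original session.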

It is up to website owners to take care of the delete request. Through the Requests tab we let you anonymise all the data from a delete request.

For WordPress Users this means:

  • User ID
  • Display name
  • Nickname
  • First name
  • Last name
  • User email

For WordPress Comments this means:

  • Comment ID
  • Comment author
  • Comment author email
  • Comment author IP

For WooCommerce Orders this means:

  • Billing first name
  • Billing last name
  • Billing company
  • Billing address 1
  • Billing address 2
  • Billing postcode
  • Billing city
  • Billing phone
  • Billing email
  • Shipping first name
  • Shipping last name
  • Shipping company
  • Shipping address 1
  • Shipping address 2
  • Shipping postcode
  • Shipping city

Requests are anonymised automatically through a cronjob after 30 days. At this time a user has to put in a new request.

Hook(s) used for the access requests:

wpgdprc_the_content
wpgdprc_request_form
wpgdprc_request_form_email_label
wpgdprc_request_form_email_field
wpgdprc_request_form_consent_field
wpgdprc_request_form_submit_field
wpgdprc_access_request_mail_subject
wpgdprc_access_request_mail_content
wpgdprc_delete_request_admin_mail_subject
wpgdprc_delete_request_admin_mail_content
wpgdprc_delete_request_mail_subject
wpgdprc_delete_request_mail_content

Requests in the Settings tab

Under the Settings tab you can activate the Requests page.

= = = = =

Checklist tab

This is how the plugin started out. By letting you check some common website features we give some general advice on what to do.

Using the toggle buttons has no effect other than showing you additional information.