In our upcoming release (v1.3) of the WordPress GDPR Compliance plugin we will give your users the chance to request all of their data available in your sites’ database. Upon reviewing their own data it is also possible to put in an additional request for deletion of said data.
We believe this to be an impactful measure for most sites and shops using WordPress and other content management systems.
The right to be forgotten
This has everything to do with GDPR’s ‘right to erasure’ also known as ‘the right to be forgotten’. Effectively this means users can request all of their personal data to be deleted from your database. Completely wiped from existence.
We suspect deleting records in a WordPress database may cause problems for certain plugins and page builders. As a WordPress agency we know this can also confuse site owners: “where did the content go!?”
Even though a user is merely asking for deletion of his or her data that user can be linked to any kind of content depending on your sites architecture. WordPress users can for example be linked to posts, pages, comments, orders, locations or even be a post type themselves which is then linked to an off-site CRM.
When relying on WooCommerce deleting a user means orders previously linked to that user become incomplete and unusable.
While writing this post the work on the ‘right to access’ functionality is progressing steadily. The 1.3 update also allows users to send in an additional request to anonymise their data.
Version 1.3 of the WP GDPR Compliance plugin will not allow deletion of database records of any kind. It is most likely our last release before GDPR becomes active on May 25th and we don’t want to run the risk of causing havoc in over 10,000 WordPress installs using our plugin at this time.
Users’ requests will be visible for the site owner in WordPress and after inspecting the request a tap on the ‘anonymise’ button will do the trick. Depending on the plugin using that piece of data this will mean personal data like name, IP and e-mail address will be substituted for an unrelated string or become blank.
This way WooCommerce orders will stay intact but don’t contain personal data anymore. In other words: the order cannot be traced back to the individual who ordered it.
Upon releasing 1.3 we’ll be clear on how the anonymise function works for every plugin we support.
After May 25th
After May 25th development of the plugin will continue. We’ll also have to review how GDPR is enforced and what changes to the plugin are most urgent.
The WordPress Core team is working on privacy related functionality as well so with all the efforts going on it will become clearer what the technical impact of deleting records will be.
Until the next update – ciao!