🇪🇺 GDPR for WordPress plugin authors

I recently pushed out an update to the Bitcoin and Altcoin Wallets WordPress plugin that helps site admins comply with GDPR. The General Data Protection Regulation is the new legal framework of the European Union that dictates how personal data must be handled. It will come into effect on the

Respecting the law

A typical website handles personal data in at least a dozen different ways and typically many of these are not known to the site owner or administrator. It is however the legal responsibility of the designated data operator to inform the users as to how and why this data is collected. Additionally, a user has the right to request a copy of their personal data, or they can request that this data is deleted.

WordPress will introduce three new features in 4.9.6 to help admins meet these requirements. Themes and plugins should hook into these features as needed, depending on whether they handle personal data. This article is not intended as legal advice. I will only cover the technical aspect of how to use these features as a Theme or Plugin author, because this technical information is not easy to find at the moment. As of writing this article, the information is not yet in the Codex.

If you are a theme or plugin creator and you have your work hosted on wordpress.org, you should definitely aim to provide support for GDPR compliance soon. At some point in the future the wordpress.org site will start reviewing plugins for GDPR compliance. Authors who have not yet done the necessary changes will have to comply or risk having their plugins taken down.

Privacy policy

This is a text that any site needs to have. It is where you explain to your users how and why you collect personal data and what you do with it. WordPress includes a new tool to help you assemble text from the various plugins to form your privacy policy page. The tool is available under AdminSettingsPrivacy. To provide a text fragment from your plugin, you must call wp_add_privacy_policy_content() on init. An example of how to do this is currently found here.

Data exporter

(see also ticket #43546)

When a user requests a copy of their personal data, you can use the new tool under AdminToolsExport Personal Data. The process involves an authorization step, to make sure that you do not give out data to anyone else, rather than the owner. Your code can append any data handled by your plugin. Simply hook into the wp_privacy_personal_data_exporters filter to add a name and a callable that points to your exporter. Clear information and an example of how to do this can be found here. Your actual exporter function takes an email and a page number and should return the data in the way described in the example. The page number is essentially there to export the data in batches. This is done to avoid timeouts in case the export takes too long.

Eventually the information about exporters should be added to this page in the Codex.

Data eraser

(see also ticket #43602)

When a user requests that their data is erased, you should use the new tool under AdminToolsErase Personal Data. WordPress does not actually delete user records, but instead blanks any personal fields such as names and IP addresses.

As of publishing this article, there is not much information out there on how to hook an eraser, but the process is virtually identical to the data exporters: You first hook into wp_privacy_personal_data_erasers to specify a name and callable to your eraser. Then your eraser takes an email and a page number and should proceed to delete any personal data associated with that email. I could not find any documentation on the data structure that should be returned by the eraser (other than in the dev ticket), but it was not hard to infer it from the source code. It should return something like:

return array(
	'items_removed' => $items_removed_count,
	'items_retained' => $items_retained_count,
	'messages' => array(
		'These messages will be displayed to the admin after erasure',
		'You can add as many messages as you like, apparently!',
	),
	'done' => true, // Set to false if deletion needs to continue on the next call. Useful for deleting data in batches.
);

Eventually the information about erasers should be added to this page in the Codex.

A real world example

If you want to see GDPR compliance in a real world example, you can check the code I added to my plugin. It showcases some privacy policy text and two exporters and two erasers.

Eventually instructions on all of this will be included in the WordPress documentation, including the Plugin Developer handbook and the Codex.

2 thoughts on “🇪🇺 GDPR for WordPress plugin authors

  1. Thanks for taking the time to compile this information all in one place. It’ll save me (and doubtless many others) a whole bunch of time as I get up to speed on GDPR!

Leave a Reply

Your email address will not be published.