I recently pushed out an update to the Bitcoin and Altcoin Wallets WordPress plugin that helps site admins comply with GDPR. The General Data Protection Regulation is the new legal framework of the European Union that dictates how personal data must be handled. It will come into effect on the
Respecting the law
A typical website handles personal data in at least a dozen different ways, and typically many of these are not known to the site owner or administrator. It is, however, the legal responsibility of the designated data operator to inform users how and why this data is collected. Additionally, a user has the right to request a copy of their personal data, or to request that this data be deleted.
WordPress will introduce three new features in 4.9.6 to help admins meet these requirements. Themes and plugins should hook into these features as needed, depending on whether they handle personal data. This article is not intended as legal advice. I will only cover the technical aspect of how to use these features as a Theme or Plugin author, because this technical information is not easy to find at the moment. As of writing this article, the information is not yet in the Codex.
If you are a theme or plugin creator and you have your work hosted on wordpress.org, you should definitely aim to provide support for GDPR compliance soon. At some point in the future the wordpress.org site will start reviewing plugins for GDPR compliance. Authors who have not yet made the necessary changes will have to comply or risk having their plugins taken down.
init. An example of how to do this is currently found here.
(see also ticket #43546)
When a user requests a copy of their personal data, you can use the new tool under Admin → Tools → Export Personal Data. The process involves an authorization step, to make sure that you do not give out data to anyone other than the owner. Your code can append any data handled by your plugin. Simply hook into the wp_privacy_personal_data_exporters filter to add a name and a callable that points to your exporter. Clear information and an example of how to do this can be found here. Your actual exporter function takes an email and a page number and should return the data in the way described in the example. The page number is there so that the data can be exported in batches, which avoids timeouts when the export takes too long.
Eventually the information about exporters should be added to this page in the Codex.
(see also ticket #43602)
When a user requests that their data is erased, you should use the new tool under Admin → Tools → Erase Personal Data. WordPress does not actually delete user records, but instead blanks any personal fields such as names and IP addresses.
As of publishing this article, there is not much information out there on how to hook an eraser, but the process is virtually identical to the data exporters: you first hook into wp_privacy_personal_data_erasers to specify a name and a callable for your eraser. Then your eraser takes an email and a page number and should proceed to delete any personal data associated with that email. I could not find any documentation on the data structure that should be returned by the eraser (other than in the dev ticket), but it was not hard to infer it from the source code. It should return something like:
    return array(
        'items_removed'  => $items_removed_count,
        'items_retained' => $items_retained_count,
        'messages'       => array(
            'These messages will be displayed to the admin after erasure',
            'You can add as many messages as you like, apparently!',
        ),
        // Set to false if deletion needs to continue on the next call. Useful for deleting data in batches.
        'done'           => true,
    );
Eventually the information about erasers should be added to this page in the Codex.
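An eraser along these lines, as an added example that is not code from the plugin or from WordPress core: it registers a callback on wp_privacy_personal_data_erasers, deletes only the requesting user's rows in batches, and returns the array shape shown above. The myplugin_ names, the table and its columns are hypothetical.

```php
<?php
// Added example; the myplugin_ names, table and columns are hypothetical.
define( 'MYPLUGIN_ERASE_BATCH', 100 );
function myplugin_register_eraser( $erasers ) {
    $erasers['myplugin'] = array(
        'eraser_friendly_name' => __( 'My Plugin addresses', 'myplugin' ),
        'callback'             => 'myplugin_erase_personal_data',
    );
    return $erasers;
}
add_filter( 'wp_privacy_personal_data_erasers', 'myplugin_register_eraser' );

function myplugin_erase_personal_data( $email_address, $page = 1 ) {
    global $wpdb;
    $result = array(
        'items_removed'  => 0,
        'items_retained' => 0,
        'messages'       => array(),
        'done'           => true,
    );

    // Resolve the email to an account; only that user's rows are touched.
    $user = get_user_by( 'email', $email_address );
    if ( ! $user ) {
        return $result;
    }
    $table = $wpdb->prefix . 'myplugin_addresses'; // hypothetical table
    // Rows disappear as we delete, so always take the first batch instead of
    // offsetting by $page; an offset would skip rows that moved forward.
    $ids = $wpdb->get_col( $wpdb->prepare(
        "SELECT id FROM {$table} WHERE user_id = %d ORDER BY id LIMIT %d",
        $user->ID,
        MYPLUGIN_ERASE_BATCH
    ) );

    foreach ( $ids as $id ) {
        $where = array( 'id' => (int) $id, 'user_id' => $user->ID );
        if ( $wpdb->delete( $table, $where, array( '%d', '%d' ) ) ) {
            $result['items_removed']++;
        } else {
            $result['items_retained']++;
            $result['messages'][] = sprintf( 'Row %d could not be deleted.', $id );
        }
    }

    // Stop on failures so an undeletable row is not re-selected forever.
    $result['done'] = count( $ids ) < MYPLUGIN_ERASE_BATCH || $result['items_retained'] > 0;
    return $result;
}
```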
A real world example
Eventually instructions on all of this will be included in the WordPress documentation, including the Plugin Developer handbook and the Codex.