The European Union's General Data Protection Regulation, or GDPR, is currently the number one topic in the fields related to data and security, after data breaches became a politically sensitive issue. Whether your website is based in the EU or not, you need to be aware of GDPR and make your website compliant with it.
If you're not headquartered in an EU country, you probably still have users or visitors inside the EU, and you are obliged to provide them with the consent rights listed in GDPR if you don't want trouble with their governments. The penalty imposed on a company for not complying with GDPR can be up to €20 million ($24 million) or 4% of annual turnover, whichever is larger.
Basically, users (at least those inside the EU who are protected by GDPR) must have a say in how their data should be handled or whether they want it erased completely.
WordPress isn't very hospitable to such a feature, for reasons discussed later in the article, but there are plugins that can handle this and enable you to make your website fully compliant with GDPR standards of data protection. This article covers 5 of the top GDPR-compliance plugins out there.
Table of Contents
Best GDPR Compliance Plugins
- WP GDPR
- GDPR Framework
- All-in-One GDPR
- WPUpgrader
- WordPress GDPR
1. WP GDPR
- Price: Basic (€20/year) – Freelance (€25/month) – Plus (€50/year) – Pro (€50/year) – Agency (€80/year)
This plugin's foremost aim is to let users, who are considered the owners of their data, access that data. WP GDPR Core lets users do so without even having to own a WordPress account.
They can access their data using special links that they will receive via email. What the plugin does is add a page to your WordPress website which will appear in your website's list of pages and where users will be able to request access to their data.
As the admin, you will receive these requests on the backend, and you will get to see which of the plugins activated on your website are collecting data and therefore may be subject to data access requests. You can mark each such plugin with a checkbox so that it is included in those requests.
When a user makes a data access request, they receive a special URL by email, and through that link they can view their comments on the website, as well as edit, update, or download these comments. They can also ask for the removal of any of their comments. You won't need to approve the sending out of these emails.
The WP GDPR Core plugin will automate them. All you need to do is delete the data that the user asks to have deleted. There are five different templates for the emails.
Most important of all are the form consents. The plugin lets you add a consent checkbox next to the comment field so that users can give their consent before submitting their comments.
You can also hide the comment section altogether. Any data submitted by a user is automatically treated as a GDPR entry and is therefore made accessible to the user (owner) through the same special URL sent to their email. Finally, the plugin's data protection features can be extended to other major plugins through add-ons. WP GDPR integrates with Gravity Forms, Flamingo, Contact Form 7, MailChimp, and WooCommerce.
That way you can equally secure and make accessible the information that users fill into the forms on your website as well as on your online store.
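The comment consent checkbox described above is easy to picture in code. The following is an added example written for this article, not code from WP GDPR or any other plugin on this page: a minimal WordPress plugin that renders a required consent checkbox in the comment form, refuses comments submitted without it, records the consent as comment meta, and exposes those records through WordPress core's personal data export tool. The field name, meta key, notice version string and text domain are hypothetical choices made for this example.

```php
<?php
/**
 * Plugin Name: Example Comment Consent (added example, not a plugin from this article)
 *
 * Assumptions: field name "gdpr_consent", comment meta key "_gdpr_consent",
 * text domain "example" and notice id "privacy-notice-v1" are all invented here.
 */

// 1. Render the checkbox for every commenter (logged in or not). The
//    'comment_form_fields' filter exists since WordPress 4.4.
add_filter( 'comment_form_fields', function ( $fields ) {
    $fields['gdpr_consent'] =
        '<p class="comment-form-gdpr-consent">'
        . '<input id="gdpr_consent" name="gdpr_consent" type="checkbox" value="1" required />'
        . '<label for="gdpr_consent">'
        . esc_html__( 'I consent to this site storing my name, e-mail address and comment.', 'example' )
        . '</label></p>';
    return $fields;
} );

// 2. Server-side check: the HTML "required" attribute can be bypassed, so the
//    submission is rejected here when the box was not ticked.
add_filter( 'preprocess_comment', function ( $commentdata ) {
    $type = isset( $commentdata['comment_type'] ) ? $commentdata['comment_type'] : '';
    // Pingbacks and trackbacks carry no form, so only ordinary comments are checked.
    if ( ! in_array( $type, array( '', 'comment' ), true ) ) {
        return $commentdata;
    }
    if ( empty( $_POST['gdpr_consent'] ) ) {
        wp_die(
            esc_html__( 'You must consent to the storage of your data before commenting.', 'example' ),
            esc_html__( 'Consent required', 'example' ),
            array( 'response' => 403, 'back_link' => true )
        );
    }
    return $commentdata;
} );

// 3. Keep a record of when consent was given and which notice wording applied.
add_action( 'comment_post', function ( $comment_id ) {
    if ( ! empty( $_POST['gdpr_consent'] ) ) {
        add_comment_meta( $comment_id, '_gdpr_consent', array(
            'given_at' => current_time( 'mysql', true ), // UTC timestamp
            'notice'   => 'privacy-notice-v1',           // constructed notice version id
        ), true );
    }
}, 10, 1 );

// 4. Make the consent records part of the personal data export that core
//    generates under Tools > Export Personal Data (WordPress 4.9.6+).
add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
    $exporters['example-comment-consent'] = array(
        'exporter_friendly_name' => __( 'Comment consent records', 'example' ),
        'callback'               => 'example_export_comment_consent',
    );
    return $exporters;
} );

function example_export_comment_consent( $email_address, $page = 1 ) {
    $per_page = 500;
    $comments = get_comments( array(
        'author_email' => $email_address,
        'number'       => $per_page,
        'paged'        => (int) $page,
    ) );
    $items = array();
    foreach ( $comments as $comment ) {
        $consent = get_comment_meta( $comment->comment_ID, '_gdpr_consent', true );
        if ( empty( $consent ) ) {
            continue; // comment predates this plugin, nothing to report
        }
        $items[] = array(
            'group_id'    => 'comment-consent',
            'group_label' => __( 'Comment consent', 'example' ),
            'item_id'     => 'comment-consent-' . $comment->comment_ID,
            'data'        => array(
                array( 'name' => __( 'Comment ID', 'example' ),          'value' => $comment->comment_ID ),
                array( 'name' => __( 'Consent given (UTC)', 'example' ), 'value' => $consent['given_at'] ),
                array( 'name' => __( 'Notice version', 'example' ),      'value' => $consent['notice'] ),
            ),
        );
    }
    // 'done' tells core whether to ask for another page.
    return array( 'data' => $items, 'done' => count( $comments ) < $per_page );
}
```

Two design points worth noting: the consent is checked on the server in step 2 rather than relying on the browser's "required" attribute, and the record in step 3 stores the version of the notice the user saw, since a consent record is only useful if you can show what was agreed to. Core's built-in comment eraser anonymizes the comment itself; a matching eraser for the "_gdpr_consent" meta would be registered the same way through the "wp_privacy_personal_data_erasers" filter.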
2. GDPR Framework
There are plenty of plugins related to GDPR compliance, but rarely will you find one that was designed based on such a profound understanding of the regulation. GDPR Framework was created in collaboration with a prominent European business and IT law firm called Triniti in order to make it as compliant as possible with the regulation's specificities.
That's why, besides the plugin's technical functions, it comes with a thorough GDPR guide that anyone uneducated in law can fully comprehend.
GDPR Framework allows users, whether they are registered users or one-time visitors, to access their personal data on your website. They are allowed to view it, export it, or delete it as they wish.
You can set up the plugin to have it automatically delete data or make it anonymous. Another option is to allow your team of admins or yourself to approve the deletion of data upon a user's request.
You would receive a notification on the admin panel whenever a request is made. Generally, the plugin enables you to track users' data-related consent, which is basically the cornerstone of GDPR. You also have the capability to withdraw that consent at will, although that might harm your website in countries where GDPR applies.
There are updates yet to come that will boost the plugin's capabilities even further. It will be integrated with WooCommerce and made more compatible with WordPress. There will also be modifications to the plugin's consent tracking features. Anyhow, GDPR Framework is developer-friendly, which means that all of its features can be extended with the help of a software developer.
3. All-in-One GDPR
- Price: Single (£49) – Single + All Integrations (£75) – Agency (£500)
All-in-One GDPR is really what its name implies. By installing the plugin, you get to have your own privacy center. The GDPR Privacy Center, as it is called on the website, is basically the dashboard through which you are supposed to manage your customers' data.
The Center is equipped with everything you might need to protect that data, provide your users access to their personal data, and generally run it in a manner that is compliant with GDPR restrictions. The access requests that your users will send in order to view or edit their data will appear inside your Privacy Center, and from there you can approve or decline their requests.
Users will have their own privacy centers where they will get to send out the requests, as well as configure their own privacy settings. Through the Privacy Center, users will also be enabled to contact whoever on your team is responsible for data protection.
The setup of the plugin involves no more than a single click and you will be good to go. Upon installation, a privacy page is automatically created (e.g. Whatever.com/Privacy).
The plugin provides 6 features that will make your website fully compliant with GDPR. First of all, users will have the option to unsubscribe from mailing lists.
As I already mentioned, they will get to contact your Data Protection Officer and can send requests in order to have their data completely erased from your database. Alternatively, they can request to have the data archived, which the plugin handles as well. The contact details of that officer can be set from inside the dashboard.
The plugin has a Cookie Notice feature that lets you request the users' explicit consent when data is being processed. The notice can be edited at any time, and you can choose between different styles for it (e.g. pop-up or banner style). That way consent can be monitored and logged by the type of user (authenticated or non-authenticated).
The last thing to be mentioned here is the plugin's integrations. First of these integrations is Intercom. This one lets All-in-One GDPR use Intercom's API in order to ensure that any data related to a user is deleted whenever they send a request for that.
The plugin also integrates with Ninja Forms and Gravity Forms, allowing you to create online forms and enabling the plugin to protect users' data that is filled into any of the forms on your website. Last but not least, it integrates with MailChimp. That one is intended to delete users from mailing lists whenever they send an unsubscribe request.
4. WPUpgrader
- Price: Personal/One Site (€39) – Business/Three Sites (€79) – Unlimited Sites (€199)
WPUpgrader was obviously designed specifically for WordPress, but what is truly amazing is not its seamless integration with WP so much as its adaptability to individual websites and the customizability of its features.
Adding a feature that lets you request the consent of your users with regards to the handling of their data is quite a complex process in and of itself since the WordPress platform was not created with such a purpose in mind.
The brilliance of this plugin is that it adds such a feature without substantially altering the original website's code. On top of that, WPUpgrader also scans your website in order to determine which kinds of consent are most crucial in your particular situation.
One of the plugin's default features automatically disables plugins until it receives the user's consent. That is because many plugins, such as analytics and social media plugins, include scripts from other websites or place cookies on the users' devices.
That way you will substantially minimize all sorts of non-consensual data collection. This is another thing that is hard to integrate into WordPress, because the platform is not flexible enough to serve endless variations of the website's scripts depending on each user's data protection preferences.
The good thing is, WPUpgrader's shortcodes will enable you to embed the consent requests anywhere you want on the website. You can even embed them inside the website's privacy statement.
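To show what consent-gated script loading and a consent shortcode look like in WordPress terms, here is an added example written for this article; it is not WPUpgrader's code and does not reproduce how that plugin works internally. It keeps a third-party analytics tag off the page entirely until the visitor has opted in, so no request is made to the third party beforehand, and it provides a shortcode that can be dropped into a privacy statement. The cookie name "example_consent", the category names, the "data-example-consent" attribute and the analytics URL are all hypothetical.

```php
<?php
/**
 * Plugin Name: Example Consent Gate (added example, not a plugin from this article)
 *
 * Assumed cookie format: "example_consent" holds consented category names
 * separated by "|", e.g. "analytics|marketing". Everything else is ignored.
 */

// Return the list of categories the visitor has consented to, allow-listed
// so that arbitrary cookie contents never reach the rest of the code.
function example_consent_categories() {
    if ( empty( $_COOKIE['example_consent'] ) ) {
        return array();
    }
    $raw     = sanitize_text_field( wp_unslash( $_COOKIE['example_consent'] ) );
    $known   = array( 'analytics', 'marketing' );
    $claimed = array_map( 'trim', explode( '|', $raw ) );
    return array_values( array_intersect( $known, $claimed ) );
}

function example_has_consent( $category ) {
    return in_array( $category, example_consent_categories(), true );
}

add_action( 'wp_enqueue_scripts', function () {
    // First-party consent handler: sets the cookie and reloads so the server
    // can decide what to emit. Registered with no source file, inline only.
    wp_register_script( 'example-consent', false, array(), '1.0', true );
    wp_enqueue_script( 'example-consent' );
    wp_add_inline_script( 'example-consent', "
document.addEventListener('submit', function (e) {
  if (!e.target.matches('[data-example-consent]')) { return; }
  e.preventDefault();
  var cats = [];
  e.target.querySelectorAll('input[type=checkbox]:checked').forEach(function (c) { cats.push(c.name); });
  document.cookie = 'example_consent=' + cats.join('|')
    + ';path=/;max-age=15552000;SameSite=Lax'
    + (location.protocol === 'https:' ? ';Secure' : '');
  location.reload();
});" );

    // Third-party tracker (hypothetical URL): enqueued only after consent, so the
    // browser never contacts the vendor before the visitor has agreed.
    if ( example_has_consent( 'analytics' ) ) {
        wp_enqueue_script( 'example-analytics', 'https://analytics.example/tracker.js', array(), null, true );
    }
} );

// [example_consent_form] can be placed anywhere, including the privacy statement.
add_shortcode( 'example_consent_form', function () {
    $cats = example_consent_categories();
    ob_start(); ?>
    <form class="example-consent-form" data-example-consent>
      <label><input type="checkbox" name="analytics" <?php checked( in_array( 'analytics', $cats, true ) ); ?>>
        <?php esc_html_e( 'Allow analytics', 'example' ); ?></label>
      <label><input type="checkbox" name="marketing" <?php checked( in_array( 'marketing', $cats, true ) ); ?>>
        <?php esc_html_e( 'Allow marketing cookies', 'example' ); ?></label>
      <button type="submit"><?php esc_html_e( 'Save preferences', 'example' ); ?></button>
    </form>
    <?php
    return ob_get_clean();
} );
```

The decision is made on the server because a tag that is merely hidden by JavaScript has often already been fetched. The trade-off is with full-page caching: a cache that serves one stored copy of a page to every visitor will serve whichever variant was generated first, so pages that vary on the consent cookie must either bypass the cache or be keyed on that cookie.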
5. WordPress GDPR
WordPress GDPR is another comprehensive plugin in this category, and it covers certain aspects of GDPR that are often neglected by other plugins.
First among these is the data breach announcement feature, which lets you inform your website's visitors whenever a possible data breach is found. GDPR does require that of website operators. Also, before any cookies are stored by your website, users will have to be informed of that as well, and it is their consent that will determine whether the cookies are stored or not.
The plugin also enables your users to contact your data protection officer which you will get to assign. That person, or maybe yourself, will be responsible for answering the data-related questions that are asked by users.
Another thing that users will be allowed to do is send a data access request, and based on these requests you can send them their data archives via email. You can do so manually as well without waiting for their requests. They can view their personal data or else request its complete erasure from your website. This way the users will be given full control over their information.
WordPress GDPR is also quite flexible and extendable. The plugin integrates with several major platforms. First and foremost among these is WooCommerce, which will help you protect the privacy of your online customers.
It is also compatible with Contact Form 7 and MailChimp, and if you're using BuddyPress to run a forum, it integrates with that as well. Add to these Google Analytics, Google Adwords, and Facebook, three of the most data-rich platforms on the entire internet. Finally, the plugin can be translated into multiple languages since it can be integrated with WPML.