Support » Plugin: Visual Form Builder » Storage of form entries and GDPR

  • Hello, how is ist possible to disable the storage of form entries? The way the plugin stores all entries will be a problem for all EU-users soon. The EU “Data Protection Regulation” GDPR is coming (25th May).
    And there is no need to store entries only to delete them later manually.
    Please update your plugin with the option to remove the entries automatically, or not to store them at all.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Matthew Muro

    (@mmuro)

    Here is our suggestion for the GDPR: We recommend to our EU customers that they include a required checkbox on their form that states the user opts in to your site approving submission, storage, and usage of their data. If you wish to remove their information after you are finished with it, then you can delete the entries at your convenience.

    A good solution, I did it like this. Thanks for your fine plugin.

    Matthias

    This is not a solution to the real GDPR issue. There are a lot of people who think that GDPR is about adding lots of tick-boxes, and then you are covered. That is not the case at all.

    1) GDPR already grants automatic permission for someone to process the data for the direct purpose for which it is being submitted. So, for example, if you fill in a form asking for support, then it’s already implicit – and no extra consent is needed – that sufficient processing to provide that support will take place.

    2) The real problem is that GDPR only grants the right to store data *for as long as it is needed to fulfil the purpose* (with various exceptions, none of which are relevant in this case). After that, you must have a documented, audit-proof procedure for *deleting* the data. You could get round this with a “you will let me use your data forever even when I don’t need it to provide you support” checkbox (because this will be “explicit consent” for the extra storage to supplement the existing implicit consent for fulfilling the requested task)…. but that would really worry sensible people wanting to use your site.

    I believe an acceptable solution to this is automated, scheduled deletion. And here’s some code we’ve produced for it:

    https://gist.github.com/DavidAnderson684/88a8e909f51b1d93bbb80720ef29c566

    Install that as an mu-plugin, and use WP-Crontrol (or equivalent) to set up scheduled deletion. In that snippet above, all data >90 days is deleted. You should adjust that in accordance with the results of your GDPR-mandated evaluation process.

    This still leaves the issue of including the user’s data in the WP privacy export + deletion facilities (of interest: https://wordpress.org/support/topic/gdpr-include-user-data-in-wordpress-export/).

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Storage of form entries and GDPR’ is closed to new replies.