We have followed every tutorial and guide out there and have concluded that eForm v4.2 already has the tools you need to make your eForms GDPR compliant. This guide tells you how.
#1: Do not collect Private Data
- By default, eForm collects the IP address of users who submit data. This can be turned off from Form Settings > Form Submission > Log IP Address.
- Disable any Google Analytics from Form Settings > Google Analytics.
- When you want to collect a user's name, email, etc., make sure to have them accept your terms & conditions and/or privacy policy. This can be done either by inserting a simple checkbox or by using the built-in feature from Form Settings > General Settings > Terms & Condition Page.
#2: Ability to view submitted data
- When an eForm is submitted, it generates a unique trackback link. Make sure you have set up the trackback page for this to work. Then, when showing the success message, make sure to show this link using the %TRACK% format string. Doing so ensures your users can always access their submission. The same link is always emailed if you have collected the user's email address.
- Registered users can always access their submissions under the User Portal page.
#3: Ability to edit/delete submitted data
Right now eForm doesn’t have a built-in way to let your users delete data directly. But as an administrator you can take requests and delete the submissions as you see fit.
- Go to eForm > View All Submission.
- Search through the submissions using First Name, Last Name, Email etc.
- Delete or Edit the one which has been requested.
More information can be found here.
Also, if you let users edit their forms, they can edit through the trackback link or the User Portal. This works only for registered users.
Our advice at this point is to create a contact form that lets users ask you to delete their submissions, so that you can then take the necessary action to delete them. In the future we will automate this.
#4: Opt-in Integration (for marketing etc)
eForm already provides a way to conditionally accept integration calls. Use this feature to opt users in to third-party integrations only with their consent.
Read more about it here.
#5: Protection of Data
eForm stores data in your WordPress database table. It does not send data anywhere else (except when you activate integrations like MailChimp). So it is completely up to you to protect the database, just as you would safeguard your site and the information it stores.
#6: eForm v5 & RoadMap
Apart from all the features which are already available to make your forms GDPR compliant, we have plans to make it easier. As you may already have noticed, we are completely rewriting eForm for v5, and we plan to implement the following tools to make your life easier with GDPR.
- Make the admin provide T&C and have a separate column in the data table to show that it was checked.
- Give users the ability to remove a submission from the trackback link and from the User Portal.
- Under the User Portal, add the ability to export/download all the forms the user has submitted.
- Have a blacklist flag in all emails; when the user clicks it, eForm will store the email address and never send any email to it again.
- Disable IP logging or mask parts of IP.
- WordPress made a good start on GDPR with v4.9.6. You can read about it here.
- If you are using WooCommerce, then you should read the guide prepared by the WooCommerce team.
If you have any enquiries, please use our support forum.