How to make Paid Member Subscriptions forms GDPR compliant

Starting with 25 May 2018, the EU General Data Protection Regulation (GDPR) will supersede current national data protection laws of all EU Member states.
More information about this regulation can be found on their website. If you want to ensure the right measures are taken for the GDPR compliance of your website, you should seek legal counsel.

If you use Paid Member Subscriptions to register or manage users, you are affected by this law as well. This page explains how to make forms created with Paid Member Subscriptions GDPR compliant.

1. Ask the user for consent
The first thing you need to do is ask the user for permission to collect their personal data with the intent to store it.
To do this, we need to add the GDPR checkbox field to the PMS registration form:

You just need to set the “GDPR checkbox on Forms” select to “Enabled” in the GDPR tab of the Paid Member Subscriptions Settings.

The field will be placed after the Repeat Password field but before the Subscription Plans:

You can change the label of the checkbox in the “GDPR Checkbox Text” input.

2. The user's right to access their data
The data we store is associated with a WordPress user account and stored in the standard `*_usermeta` table. The easiest way for users to view it is to go to a page that has the `[pms-account]` shortcode. This page also allows them to edit it.

As an admin, you can also provide an export of this data, if requested. You can find instructions for how to do this here.

3. The user's right to be forgotten
As an admin, to delete a user, go to your Dashboard -> Users page, hover over the user entry and press Delete. This will remove the user account and any data associated with it.

You can also allow users to delete their accounts themselves. Set the “GDPR Delete Button on Forms” select to “Enabled” in the GDPR tab of the Paid Member Subscriptions Settings.

After enabling it, users will see the delete link on the edit profile form after the last field:

Pressing the button will trigger a confirmation box, and if this is validated, the user account and all data will be deleted.

If you have any questions about these implementations you can always send us a ticket.