Starting with 25 May 2018, the EU General Data Protection Regulation (GDPR) will supersede current national data protection laws of all EU Member states.
More information about this regulation can be read on their website and if you want to ensure the right measures are taken for the GDPR compliance of your website, you should seek legal counsel.
If you use Profile Builder to register or manage users, you are affected by this law as well. This page looks to provide information about how to make forms created with Profile Builder – GDPR compliant.
1. Ask the user for consent
The first thing you need to do is ask the user for his permission that you collect his personal data with the intent to store it.
Method 1: Since Profile Builder 2.8.2 you can find a dedicated Checkbox field for this functionality, both in the free and paid versions. Go to Profile Builder -> Manage Fields to configure and add it to your form.
Method 2: go to Profile Builder -> Manage Fields and create a new Checkbox type of field. Make this field required so users cannot submit the form without checking it and add an appropriate label like `I allow Dummy Company to collect and store the data I submit through this form.
Front-end view of the form containing the field:
2. The users right to access his data
The data we store is associated with a WordPress user account and stored in the standard `*_usermeta` table. The easiest way for users to view it is to go to a page that has the [wppb-edit-profile] shortcode, this will also allow them to edit it.
3. The users right to be forgotten
As an admin, to delete a user, you can go to your Dashboard -> Users page and then hover over the user entry and press Delete. This will remove the user account and any data associated with it.
There’s also the possibility to allow users to delete the account themselves. In order to have this option, you need to add the GDPR Delete button from the Profile Builder -> Form Fields interface.
After adding it, users will see the delete link on the edit profile form after the last field:
Pressing the button will trigger a confirmation box and if this is validated the user account and all data will be deleted.
If you have any questions about these implementations you can always send us a ticket.