The recent Data Protection Day inspired Ninja Forms to talk about privacy and data protection practices while using their popular drag & drop WordPress form builder – GDPR compliance in particular.
The General Data Protection Regulation is an EU-wide law that gives EU citizens control over their digital data by giving them the right to know when personal data is being collected and what data is being collected, and to access it and delete it if they wish. The GDPR might also affect the US and other countries.
This means that if you have a website in the US and have visitors from the EU, you are required to comply with GDPR requirements and conditions for data processing. GDPR is not limited to the EU. It affects any website that processes personal data of EU citizens, such as names, addresses, and payment details.
To cut a long story short: To be GDPR compliant with Ninja Forms, no additional plugin needs to be installed. This feature is 100% free for Ninja Forms users. Let’s find out how you can achieve this:
1. Inform users that a form collects personal data
2. Request explicit consent for the collection of personal data
The request must be clear and easy to understand. It needs to stand on its own and not be tucked away in other text. Single checkbox and checkbox list fields are the clearest way to confirm explicit consent. When such a field is set to ‘Required’, the user cannot submit the form unless consent is given.
3. Mark a field as personally identifiable information
Any field created with a single-line text field can be marked as personally identifiable information. Marking is not limited to single-line text fields: email address, phone number and other fields commonly used to collect personally identifiable information may also be marked as such.
4. Delete personal data upon request
Users must be provided with a quick and painless way to withdraw consent and purge collected data. Ninja Forms provides a standard “Delete data on request” form template that can be placed on any page of your website.
5. Export personal data on request
Data subjects may request, obtain and/or transfer possession of the collected data at any time. This data must be provided free of charge in an electronic format upon request. Ninja Forms provides a standard “Export Data Request” template that can be placed on any page of your website.
6. Disable the storage of personal data or set it to expire
The Store Submission function lets you choose to store no data at all or only data from specific fields. To completely disable data storage, turn off the Store Submission action on the Emails & Actions tab of the form.
Please note that this is not legal advice. Qualified legal advice should be sought for specific questions regarding compliance with the GDPR.