Image: man using the erase personal data WordPress tool (photo by Bram Naus)

How to erase personal data from WordPress

Manage requests for personal data

As of March 2018, the European Union’s General Data Protection Regulation (GDPR) went into effect. This law applies to ANY website that collects personal data from its users, regardless of where the user is located. This means the GDPR law applies to EU citizens using U.S. websites as well.

With privacy concerns and personal data breaches at an all-time high, several similar laws are in the works in the U.S., and several states have already enacted privacy laws, for example the California Consumer Privacy Act (CCPA).

In addition, many states now require websites to post a privacy statement that includes details of what personal information about the user is being collected on the site as well as how it is managed and secured.

The bottom line is, as a website owner, it is in your best interest to have a clear understanding of the user data collected on your site and, at a minimum, create a process for keeping it safe. Even if your organization is not currently required to comply with ‘right to be forgotten’ requests, this may change in the future.

The good news is, WordPress version 4.9.6 introduced both the export personal data tool and the erase personal data tool, making it much easier for site admins and owners to comply with GDPR requests for personal data.


These tools can be accessed from the WordPress Tools menu. 

When a WordPress user requests a copy of their data or to have their data erased, the site admin can use the export personal data tool to first validate the user’s email and then comply with the request.  


How to export personal data in WordPress

  1. Log in to your WordPress dashboard as an Admin
  2. Go to Tools >> Export Personal Data
  3. Enter the email address of the user requesting the export of their personal data and click ‘send request’.
  4. The user will need to access their email and click on the confirmation link before they can access the export file of their personal data. 
  5. Once the user has confirmed the request, the status of the request will be updated to ‘confirmed’. At this point, you as the site admin can send the user a link to export their data. 
  6. The data will be sent as both a web page and a JSON file.
  7. These files will be automatically deleted from your site after 48 hours.

NOTE: The site admin can also download the export file from this screen to review data to be exported.

What data gets exported?

Using a fresh install of WordPress, without any additional plugins installed, all data connected to the user email is exported including:

  • User email and profile information
  • User’s IP address and session details
  • Media uploads and comments connected to the user

NOTE: The WordPress export and erase tool applies to a fresh install of WordPress, without ANY plugins installed. In order to comply with GDPR requirements and your site’s own privacy policy, you, as the site owner, are responsible for understanding what data is being collected and where it is stored. We recommend checking the documentation for every plugin you install on your site to make sure that any personal data the plugin collects is included when the WordPress export/erase tool is run.


How to erase personal data in WordPress

  1. Log in to your WordPress dashboard as an Admin
  2. Go to Tools >> Erase Personal Data
  3. Enter the email address of the user requesting erasure of their personal data and click ‘send request’.
  4. The user will need to access their email and click on the confirmation link before the erase personal data request can be completed.  
  5. Once the user has confirmed the request, the status of the request will be updated. At this point, you as the site admin can complete the ‘Erase Personal Data’ request.
  6. Once the erasure request has been completed, go to Users to delete the WordPress user record. Be sure to select the ‘delete all content’ option.
  7. Once the user record has been deleted, return to both the export and erase dashboards to delete the requests.

“The Erase Personal Data tool does not remove the data from backups or archive files: When using the tool alongside automated backups or archives, we advise you to exercise caution when restoring user data from backups. When restoring an archived copy of your site, your requests for erasure should be respected.”

~WordPress.org

What data gets erased?

Using a fresh install of WordPress, without any additional plugins installed, the connected data that is erased in Step 5 above includes:

  • User email and profile information
  • User’s IP address and session details
  • Comments connected to the user – NOTE: the comment will still appear on your site, however, it will be anonymized.

NOTE: There is no ‘trash’ status for erased data. This is a permanent step that cannot be undone.

When the WordPress user record is deleted in Step 6, the following are also deleted: 

  • Any posts connected to the user – NOTE: It may be possible to restore a post, however, user meta data has been deleted.
  • Any pages connected to the user – NOTE: It may be possible to restore a page, however, user meta data has been deleted.
  • Any Media uploaded by the user.
  • The WordPress user record.

NOTE: The WordPress export and erase tool applies to a fresh install of WordPress, without ANY plugins installed. In order to comply with GDPR requirements and your site’s own privacy policy, you, as the site owner, are responsible for understanding what data is being collected and where it is stored. We recommend checking the documentation for every plugin you install on your site to make sure that any personal data the plugin collects is included when the WordPress export/erase tool is run.


How to test a plugin with WordPress export / erase tool

When installing any new plugin on your site, you’ll want to first check whether the plugin collects any personal data. If so, make sure that the plugin also connects to the new WordPress personal data erasure tool, or provides another option to process ‘right to be forgotten’ requests. If the plugin does not hook into the WordPress tool, you could be stuck manually removing personal data from your site.
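One way to see which installed plugins actually hook into the export and erase tools is to list what is registered on the two privacy filters WordPress core provides. This is an added example, not code from the original post or from any plugin; the file name `list-privacy-hooks.php` and the `example_` function names are hypothetical, and it assumes it is run inside WordPress (for instance with WP-CLI's `wp eval-file`).

```php
<?php
// Added example. Run inside WordPress, e.g.: wp eval-file list-privacy-hooks.php
// (file name and function names are hypothetical).

/** Resolve the file that defines a callback so it can be traced to a plugin. */
function example_privacy_callback_file( $callback ) {
	try {
		// Normalise "Class::method" strings to array( class, method ).
		if ( is_string( $callback ) && false !== strpos( $callback, '::' ) ) {
			$callback = explode( '::', $callback, 2 );
		}
		$ref = is_array( $callback )
			? new ReflectionMethod( $callback[0], $callback[1] )
			: new ReflectionFunction( $callback );
		$file = $ref->getFileName();
		return $file ? $file : '(internal)';
	} catch ( Throwable $e ) {
		// Missing or malformed callback: report it instead of failing.
		return '(unresolved callback)';
	}
}

/** Collect every exporter and eraser registered by core and active plugins. */
function example_list_privacy_hooks() {
	$report = array();
	$hooks  = array(
		'exporter' => 'wp_privacy_personal_data_exporters',
		'eraser'   => 'wp_privacy_personal_data_erasers',
	);
	foreach ( $hooks as $type => $filter ) {
		foreach ( (array) apply_filters( $filter, array() ) as $slug => $entry ) {
			$file     = example_privacy_callback_file( $entry['callback'] ?? null );
			$report[] = array(
				'type' => $type,
				'slug' => $slug,
				'name' => $entry[ $type . '_friendly_name' ] ?? '',
				'file' => str_replace( ABSPATH, '', $file ), // path relative to the site root
			);
		}
	}
	return $report;
}

foreach ( example_list_privacy_hooks() as $row ) {
	printf( "%-8s %-28s %-30s %s\n", $row['type'], $row['slug'], $row['name'], $row['file'] );
}
```

A plugin that collects personal data but has no exporter or eraser row pointing into its own directory is one to check by hand. Some plugins register these filters only on admin requests, so treat a missing row as a prompt to test, not as proof.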

In order to be compliant with GDPR requirements (and to create your website’s privacy statement), you should test EVERY plugin that you install to find out:

  • What personal data is being collected from the user.
  • Where this data is stored.
  • How this data can be exported and erased from your site.

There are several ‘GDPR compliance’ plugins available in the WordPress Plugin Repo. However, many of them are focused on adding consent before collecting cookies or email addresses, not necessarily on exporting or erasing data.

Once you have established what personal data is being collected by the plugin, you can test to see whether this data gets erased using the WordPress export / erase tool, or whether you need to erase it by another method, by following these steps:

  1. Create a sample user on your site using the test plugin. For example, if you are testing a forms plugin, fill out the form with your sample user data.
  2. Note the personal user data that the plugin collects.
  3. Check the plugin’s documentation to see if there are specific settings required in order to comply with GDPR export / erase requests.
  4. Run an export personal data request using the WordPress tool as detailed above.

The data collected by the plugin should appear in the export file.

  5. Next run an erase personal data request as detailed above. Be sure to run the erase tool AND manually delete the user record.
  6. Check to be sure that all personal data has been erased.

NOTE: Some plugins, like WooCommerce and Chamber Dashboard for example, may mark some data for deletion, but not actually delete it. Typically this applies to data that affects an organization’s accounting or reporting process. This data should be manually deleted once reporting has been completed.

It’s a good idea to write out the process that you and your staff will follow to process any requests for personal data so that you do not miss any steps.

Process ‘right to be forgotten’ requests for Business Directory

Already using the Chamber Dashboard Business Directory? Here are the settings you need to use in order to process an erasure request from a current or former member.

