There have been a lot of questions and concerns about GDPR compliance both in general and regarding the WP-Members plugin. As the deadline for compliance approaches, this will likely become more of an issue for site owners.
I want to emphasize that I am not an attorney. Whether you are in or out of compliance is a complicated question that is best handled by your legal counsel. With that in mind, I can explain some of the workings of the WP-Members plugin so that you know what it does in regards to users and their data.
WP-Members and GDPR Compliance
WP-Members by itself is neither compliant nor non-compliant. Compliance depends entirely on how you use and implement it. The plugin is highly customizable, so whether you are compliant depends less on the plugin itself and more on what data you collect, how you collect and handle your users' data, and how you make that information available to them.
For the most part, in a default installation, the only data collected about a user beyond WP’s user information is from the registration form. If you have a properly implemented [wpmem_profile] shortcode, the user can view this information and also change it. Combine this with a terms of service checkbox, a privacy policy on your site, and a contact form where users can submit complaints and deletion requests and you are pretty close to compliance in many cases. Again, you should review this with a professional.
The plugin does install with a default "terms of service" checkbox which you can use to require that the user confirm acceptance of the terms of service at registration. Note that you do not have to use this particular field to create this kind of requirement; any custom checkbox field will do. You should also maintain pages on your site for this information, such as the terms of service, privacy policy, and any other required disclosures.
The cases where you may need additional steps are situations where you hold a lot of "admin only" data about a user. WP-Members allows you to set fields to be "admin only", and such fields are not automatically viewable by the user. If you want to display this data on a page for the user, a simple way to do that is the [wpmem_field] shortcode. This can be combined with [wpmem_logged_in] to create areas that only show to logged in users (or you can simply block the page). You can also use the plugin's filters, such as wpmem_member_links and wpmem_member_links_args, to add custom sections or links to the profile page.
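The following is an added example, not code from the original post or from the WP-Members plugin. It shows the two approaches above together: a page that uses [wpmem_logged_in] and [wpmem_field] to show a user their own admin-only data, and a wpmem_member_links filter callback that appends "request my data" and "request deletion" links to the profile page. It assumes a custom field with meta key "phone" exists, a page at /data-request/ holding your contact form, and that the wpmem_member_links filter passes the rendered links HTML as its first argument; verify that against your plugin version before relying on it.

```php
<?php
/**
 * Added example (not part of the original post or the WP-Members plugin).
 * Place in a site-specific plugin or your theme's functions.php.
 *
 * Assumptions: a custom field with meta key "phone" exists (set to
 * "admin only"), a page exists at /data-request/ with your contact form,
 * and the wpmem_member_links filter receives the rendered <ul> HTML.
 */

/*
 * Page content for a "My data" page. Everything inside [wpmem_logged_in]
 * is hidden from anonymous visitors, and [wpmem_field] renders the value
 * for the currently logged-in user only:
 *
 * [wpmem_logged_in]
 *   <p>Email: [wpmem_field field="user_email"]</p>
 *   <p>Phone: [wpmem_field field="phone"]</p>
 * [/wpmem_logged_in]
 */

/*
 * Alternatively, a custom shortcode that renders a chosen set of fields.
 * Security note: it reads the current user from the session and never
 * accepts a user ID from the URL, so one user cannot read another's data.
 */
add_shortcode( 'my_gdpr_data', function () {
    $user = wp_get_current_user();
    if ( ! $user->exists() ) {
        return ''; // never render anything for anonymous requests
    }

    // Only the fields listed here are exposed; "phone" is an assumed meta key.
    $fields = array(
        'Email' => $user->user_email,
        'Phone' => get_user_meta( $user->ID, 'phone', true ),
    );

    $out = '<ul class="my-gdpr-data">';
    foreach ( $fields as $label => $value ) {
        // Escape on output: meta values may have come from a registration form.
        $out .= '<li>' . esc_html( $label ) . ': ' . esc_html( (string) $value ) . '</li>';
    }
    return $out . '</ul>';
} );

/*
 * Append data-request and deletion-request links to the WP-Members
 * profile links list. Assumes $links is the rendered "<ul>...</ul>" string;
 * the new items are inserted before the closing tag.
 */
add_filter( 'wpmem_member_links', function ( $links ) {
    if ( ! is_user_logged_in() ) {
        return $links;
    }

    $base  = home_url( '/data-request/' ); // assumed contact-form page
    $extra  = '<li><a href="' . esc_url( $base ) . '">Request a copy of my data</a></li>';
    $extra .= '<li><a href="' . esc_url( add_query_arg( 'type', 'delete', $base ) ) . '">Request deletion of my account</a></li>';

    $pos = strrpos( $links, '</ul>' );
    if ( false === $pos ) {
        return $links . $extra; // wrapper markup changed by a filter; just append
    }
    return substr_replace( $links, $extra, $pos, 0 );
} );
```

The request links point at your own contact form rather than performing export or deletion directly; anything that actually deletes an account should require the user to be logged in and should use a nonce-protected form, not a bare GET link.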
There are many ways to implement processes for users to request data, submit complaints, and submit deletion requests. This could be as simple as a contact form. Or you could use one of the several plugins that have been developed for this purpose, such as GDPR.
Some Useful Code Snippets:
These are some code snippets that may be helpful in making your site more GDPR compliant with WP-Members. I’ve made them freely available to all users, not just support subscribers. I will add to the list as more become available. (If you don’t know how to use and implement code snippets, here’s some additional information to get you started.)