How To Manage WordPress User Data Requests

How To Manage WordPress User Data Requests

WordPress Tools - Erase Personal Data screen.In this tutorial, you will learn about managing WordPress user data requests.

Refer to the following tutorials if you need help with this section:

***

GDPR (General Data Protection Regulation) requires all businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. Non-compliance with these regulations could cost companies dearly.

Under GDPR rules, your site needs to make sure that your website users can:

  • Request access to their personal data (name, email address, comments, or any other data submitted to your website).
  • Download and view their personal data (as per Article 15 of GDPR).
  • Request that their personal data be removed from your site (as per Article 18 of GDPR).

Policies on how your site handles users’ data should be clearly stated on your site’s Privacy Policy page (Access your Privacy Settings by going to Dashboard Menu > Settings > Privacy).

Privacy Settings screen -Privacy Policy Page.
Privacy Settings screen.

To ensure that your site complies with these GDPR guidelines, WordPress provides tools that let you manage user requests to export and/or delete their personal data from your website.

You can access these tools by going to the WordPress Tools Menu and selecting one of the following:

WordPress Tools menu.
WordPress Tools menu.

Let’s go through these tools.

Export Personal Data

To access this tool, go to Tools > Export Personal Data.

WordPress Tools Menu - Export Personal Data.
WordPress Tools Menu – Export Personal Data.

This brings you to the Export Personal Data screen.

If a user requests access to their personal data, simply enter their details into the ‘Username or email address’ field in the Add Data Export Request section and click the Send Request button.

WordPress Tools - Export Personal Data screen.
Export Personal Data screen.

WordPress will send the user an email requesting them to verify and confirm their request.

The request will remain pending until the user has confirmed the email.

Export Personal Data screen - Confirmation request initiated successfully.
Pending data export request waiting for confirmation.

Here’s an example of the email WordPress automatically sends to users who request access to their personal data.

Export Personal Data confirmation email.
WordPress sends users this export personal data confirmation email.

When the user clicks on the confirmation link, they will see an acknowledgment screen informing them that a link to download their exported data will be sent once the site administrator processes their request.

WordPress data export confirmation screen.
The WordPress data export confirmation screen users will see after clicking on their email confirmation link.

Once the user has confirmed, you (or your site administrator) will then be able to view these details and fulfil the user’s request.

Export Personal Data screen.
Click on Send export link.

Note: You can also send out an export link without waiting for users to click on the confirmation email.

This is useful if, for example, a user contacts you to say they did not receive your email.

To do this, hover over the user’s name in the ‘Requester’ column and click on the Complete request link.

Export Personal Data - Complete request link.
Click on this link to complete a user’s request without waiting for their confirmation email.

Either of the above methods will send the user an email with a link to download their personal data.

This user's personal data export link was sent.
The user’s personal data export link has been sent.

Here’s a sample of the email WordPress will send to the user, with a link to download their personal data export file and a message informing them that for privacy and security reasons, their file will be automatically deleted after a few days.

Personal Data Export email sample.
Users will receive the above email containing an expiring link to download their personal data export file.

tip

WordPress also gives you the option to:

  • Download and save the user’s personal data.
  • Perform bulk actions.

To download and save a user’s personal data:

Hover over the user’s name in the ‘Requester’ column and click on the Download personal data link.

Download personal data
Click on the Download personal data link.

Select a location to download the zip file and click the Save button.

Download personal data file.
Download and save personal data files.

To perform bulk actions:

  • Select the user’s name in the ‘Requester’ column.
  • Select an option from the Bulk actions drop-down menu:
    • Resend confirmation requests
    • Mark requests as completed
    • Delete requests
  • Click the Apply button.
Export Personal Data screen - Bulk actions menu.
You can perform bulk actions if you have multiple user requests.

Additionally, keep in mind that there are several GDPR plugins that can help automate this process.

Erase Personal Data

GDPR compliance also requires that site owners comply with a user’s request to delete all personal data store on a site.

This is where the Erase Personal Data tool comes in handy.

To access this tool, go to Tools > Erase Personal Data.

WordPress Tools menu - Erase Personal Data.
WordPress Tools menu – Erase Personal Data.

This brings you to the Erase Personal Data screen.

WordPress Tools - Erase Personal Data screen.
Use this tool to erase a user’s personal data from your site and comply with GDPR requirements.

Erasing personal data is like exporting a user’s data.

When users request that their personal data be erased from your site:

Enter their username or email address in the field and click the Send Request button.

Erase Personal Data - Send Request
Ask users to verify their data erasure request.

Users will be sent an email asking them to verify their request (you can also click on the Complete request link under their name if they haven’t confirmed).

Sample Erase Personal Data email sent to user.
WordPress sends users an email asking them to verify their request to erase their personal data.

Until users click on the confirmation link sent in the email, their request status is set to Pending.

Erase Personal Data screen.
Email address pending and waiting for confirmation.

You can erase the user’s personal data:

  • When users confirm their request by clicking on the email confirmation link, or
  • By hovering over the user’s name and clicking on the Force erase personal data link.
WordPress Tools: Erase Personal Data screen - Add Data Erasure Request
Erase Personal Data tool.

Congratulations! Now you know how to comply with user requests to export or erase personal data using the tools that WordPress makes available.

WordPress Tools - Erase Personal Data Screen.
The WordPress Tools section.

***

Print Friendly, PDF & Email

Terms Of Use | Privacy Policy

Scroll to Top