Skip to main content
wordpress support services

WPTavern: Delete Me WordPress Plugin Assists Website Owners in Granting the GDPR Right to be Forgotten

WPTavern: Delete Me WordPress Plugin Assists Website Owners in Granting the GDPR Right to be Forgotten
photo credit: pj_vanf to err is human(license)

With the EU GDPR compliance deadline just 178 days away, many WordPress site owners are looking for tools that will help them meet the requirements. The regulation expands existing rights of data subjects in several key ways, including (but not limited to) the right to be notified of data breaches, the right to access personal data, the right to be forgotten, and the right to data portability.

A plugin called Delete Me, by Clinton Caldwell, is one that may be helpful in addressing the Right to be Forgotten. The GDPR.org website breaks it down as follows:

Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The conditions for erasure, as outlined in article 17, include the data no longer being relevant to original purposes for processing, or a data subjects withdrawing consent. It should also be noted that this right requires controllers to compare the subjects’ rights to “the public interest in the availability of the data” when considering such requests.

The Delete Me plugin takes this one step further for site owners who are comfortable allowing users to delete their own data without having to create a request for it. By default, the delete button displays on the profile.php screen in the admin, but administrators can elect to use a shortcode to display it somewhere else on the frontend.

The plugin will delete the users’ posts, links, and even comments (optional) after the user confirms. The confirmation screen could stand to include more information about what data is being deleted so that the user knows what to expect. However, administrators do have the option to specify this within the JavaScript confirmation dialog. After deletion the user is dumped back out to the homepage by default, but the redirect URL can be configured in the plugin’s settings page.

Additional configurable settings include the ability to select specific WordPress roles to allow to delete themselves, specify class and style attributes of delete link, enable or disable JavaScript confirm for Shortcode, specify button text, and send an email notification when users delete themselves.

Delete Me also supports network activation and single site activation for multisite installations. By default, users can only delete themselves and their content from a single site, while other networked sites where they are registered will not be affected. The plugin does include a “Delete From Network” checkbox that administrators can enable to allow users to delete themselves from all sites on the network.

Delete Me is available for free on WordPress.org. I tested the plugin and have confirmed that it works with WordPress 5.0-alpha. It is currently active on more than 2,000 sites. By no means does it satisfy the full requirements of the GDPR, but it provides a decent starting point for site owners who want to make this option available to their users without having to manually fulfill their requests.



Source: WordPress