GDPR
The General Data Protection Regulation (GDPR) is an EU law that governs how personal data is collected, processed, and stored, with significant implications for WordPress plugins.
How it works
GDPR requires that any software handling EU residents' personal data obtains explicit consent, provides data access/export/deletion capabilities, and implements appropriate security measures. For WordPress plugins, this means any plugin that collects emails, stores user preferences, tracks analytics, or processes form submissions must comply.
In WordPress
WordPress added GDPR-related features in version 4.9.6: a privacy policy page tool, personal data exporters, and personal data erasers. Plugins should register with these tools using wp_add_privacy_policy_content() and the privacy data export/erase hooks.
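How a plugin wires into those three tools, as an added example (not from this page or from WP HealthKit): a hypothetical plugin "Demo Forms" that stores contact-form submissions in a custom table is assumed, and the policy text, exporter and eraser are registered through wp_add_privacy_policy_content() and the core wp_privacy_personal_data_exporters / wp_privacy_personal_data_erasers filters.

```php
<?php
// Added example, not from the page or WP HealthKit: hypothetical plugin "Demo Forms"
// storing contact-form submissions in {$wpdb->prefix}demo_forms_submissions
// (columns id, email, message, created). Registers policy text, an exporter and an eraser.
add_action( 'admin_init', function () {
    if ( ! function_exists( 'wp_add_privacy_policy_content' ) ) {
        return; // WordPress older than 4.9.6 has no privacy policy tool
    }
    wp_add_privacy_policy_content( 'Demo Forms', __(
        'Demo Forms stores the e-mail address and message you submit until you request deletion.',
        'demo-forms'
    ) );
} );
// Exporter: core calls it per e-mail address and expects this exact return shape.
function demo_forms_exporter( $email_address, $page = 1 ) {
    global $wpdb;
    $table = $wpdb->prefix . 'demo_forms_submissions';
    $rows  = $wpdb->get_results( $wpdb->prepare(
        "SELECT id, message, created FROM {$table} WHERE email = %s", $email_address
    ) );
    $items = array();
    foreach ( $rows as $row ) {
        $items[] = array(
            'group_id'    => 'demo-forms',
            'group_label' => __( 'Contact form submissions', 'demo-forms' ),
            'item_id'     => 'demo-forms-' . $row->id,
            'data'        => array(
                array( 'name' => 'Message',   'value' => $row->message ),
                array( 'name' => 'Submitted', 'value' => $row->created ),
            ),
        );
    }
    return array( 'data' => $items, 'done' => true ); // everything fits in one page
}
add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
    $exporters['demo-forms'] = array( 'exporter_friendly_name' => 'Demo Forms', 'callback' => 'demo_forms_exporter' );
    return $exporters;
} );
// Eraser: removes the rows and reports the outcome to the core erasure tool.
function demo_forms_eraser( $email_address, $page = 1 ) {
    global $wpdb;
    $deleted = $wpdb->delete( $wpdb->prefix . 'demo_forms_submissions', array( 'email' => $email_address ) );
    return array( 'items_removed' => (bool) $deleted, 'items_retained' => false, 'messages' => array(), 'done' => true );
}
add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
    $erasers['demo-forms'] = array( 'eraser_friendly_name' => 'Demo Forms', 'callback' => 'demo_forms_eraser' );
    return $erasers;
} );
```

Once registered, the entries appear in the Tools > Export Personal Data and Tools > Erase Personal Data screens and run whenever an administrator processes a request for that e-mail address.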
WP HealthKit checks for GDPR-related vulnerabilities automatically