MemberPress & GDPR
On May 25th, 2018 GDPR regulations went into effect. By now you're probably familiar with what the GDPR is and who it affects, but we'd recommend reading through the FAQ here if you still have any questions about it.
More likely, you're here because you want to know how MemberPress can help in making your WordPress Membership Site GDPR compliant.
Disclaimer: Though we have added some tools and features to MemberPress to make it easier for our customer's to comply with GDPR - we are not lawyers and still strongly recommend that you seek professional counsel on ensuring your site and policies are consistent with GDPR and other applicable Privacy laws. Compliance and what you're required to put in place will depend on what hosting, plugins, theme's, and other services you utilize. If you handle personal data for any customer in the European Union then GDPR applies to your business.
WordPress recently released version 4.9.6 which included some special features specific to user privacy and GDPR. We have monitored the WordPress core efforts and have released MemberPress version 1.3.35 which integrates with the tools WordPress has made available for developers. MemberPress now takes full advantage of these tools provided by the WordPress core team.
How MemberPress can help you utilize these new tools for GDPR are outlined below:
You can either tell WordPress to use an existing page which you can find in the dropdown menu. Or you can tell WordPress to create a new page.
Once the page is created, you'll be able to view the sample policy text and adjust it to fit your requirements.
Then click on the "MemberPress" section in the Guide.
For a more detailed description of what data MemberPress collects, processes, or shares - Please review this article.
Right to be Informed
As part of the GDPR - your EU user's now have the right to be informed about how you collect, share, process, and otherwise use their personal information.
Then you can enable the feature from your MemberPress -> Options -> Account tab.
When the user signs up, their agreement is logged in the database. You can view it in the User's WordPress Profile.
Right to Data Portability
The GDPR also states that your EU users should be able to see what personal information you have collected about them. WordPress 4.9.6 addresses this with a new "Export Personal Data" feature found in the WordPress -> Tools menu.
MemberPress adds its data (in addition to the user data WordPress and other plugins already exports) to this export file which currently includes the following:
- Address Information (if collected)
- VAT number (if collected)
- Geo-Located Country
Note: We will likely be adding the ability to export your Custom Fields in a future release as we realize many users will collect things like birthdays, phone numbers, additional names or emails etc. with their Custom Profile Fields.
Right to be Forgotten
In addition to Data Portability (see above), GDPR also requires that user's have a way to request to be forgotten. WordPress 4.9.6 addresses this with a new "Erase Personal Data" feature found in the WordPress -> Tools menu.
When a user requests erasure, WordPress will erase the personal data from the WordPress User and give other Plugins and Theme's an opportunity to also wipe any personal data associated with the user. MemberPress utilizes this feature and will erase the same data mentioned in the list above under the "Right to Data Portability" section. The user's Transactions, Subscriptions, and Events are left in place for historical and reporting purposes.
Note: According to the WordPress developers documentation, this feature does not remove the user account from the site. That is an additional step the site Admin can take if wanted/needed. More Info.
Emails Footer - Privacy Link
We're continually watching the WordPress GDPR core tickets here: https://core.trac.wordpress.org/query?status=!closed&keywords=~gdpr
As the WordPress team adds new features or alters existing features, we will continue to ensure that MemberPress remains compatible. This article will be updated continually as new features or changes are released.
If you have any questions about the information above please don't hesitate to reach out.