What Is GDPR?
On May 25, 2018, new regulations went into place within the European Union (EU) regarding the treatment of customer data, known as the General Data Protection Regulation (GDPR). There are many references available online; you can find one such overview here. We are not going to try to explain the implications or the interpretation of what is required, as that is the realm of lawyers and consultants, but we do want to highlight some WordPress and Gravity Forms-related tools that may be of interest here.
What Tools Can Help Me With Gravity Forms and GDPR Compliance?
Once again, we’re not lawyers, so you’ll want to confirm with legal counsel or a subject matter expert what compliance means for you, but some of the following tools may prove useful.
Collecting Consent
The Gravity Forms Consent field is offered with the Advanced Field types in the Form Editor. You can review the details of this field type here.
If you are using a feed-based add-on with your form, such as MailChimp, you can configure conditional logic on the feed so it will only be processed if the user has checked a consent field. See the MailChimp Conditional List Subscriptions article for more details.
Data Requests
WordPress has added the Export Personal Data and Erase Personal Data tools. As of Gravity Forms 2.4, a new Personal Data tab has been added to the Form Settings to provide integration with these tools. See the article Personal Data Settings for more details.
GDPR Plugins
Third-party solutions may be able to help with GDPR compliance. For example, Double Opt In for Gravity Forms by Albert Brückmann offers a GDPR-compliant option for user validation. Search the Gravity Forms repository of community-developed third-party plugins here, or try the WordPress Plugin repository.
Disclaimer: Third-party services, plugins, or code snippets that are referenced by our Support documentation or in Support Team communications are provided as suggestions only. We do not evaluate, test or officially support third-party solutions. You are wholly responsible for determining if any suggestion given is sufficient to meet the functional, security, legal, ongoing cost and support needs of your project.
Further Questions and Answers Related To Personal Data
Can I prevent the IP address from being saved in the entry?
Yes. As of Gravity Forms 2.4, the new Personal Data tab on the Form Settings provides several settings to control which data is saved. Preventing the storage of IP Addresses is a checkbox option there. See the article Personal Data Settings for more details.
Can I encrypt the field values before they are saved to the entry?
Use the Encrypted Fields add-on by PluginOwl to configure the encryption of the field values.
Can I prevent Gravity Forms from saving the entries to the database?
It’s important to note that GDPR does not prohibit saving personal data to the database; it just requires consent before doing so.
While you can’t currently prevent Gravity Forms from saving the entries, you can use custom code or a third-party add-on to delete them during submission, after the notifications and add-on feeds are processed.
With Gravity Forms 2.4, you can set a Retention Policy to Retain, Trash, or Delete entries for a set number of days. This is available in the Personal Data tab in the Form Settings. On the Personal Data tab, you may also integrate with the WordPress Erase Personal Data tool and control what data is erased from the entry. See the article Personal Data Settings for more details.
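One way to write the custom code mentioned above for deleting entries during submission (an added example, not code from Gravity Forms or its documentation): it hooks gform_after_submission and calls GFAPI::delete_entry() for selected forms only. The form IDs and every example_ name are assumptions to replace with your own.

```php
<?php
// Added example: delete the stored entry once submission handling has finished.
// Place in a small site plugin or the theme's functions.php.

// Assumed form IDs whose entries should not remain in the database.
const EXAMPLE_NO_STORE_FORM_IDS = array( 3, 7 );

// Late priority so other callbacks on the same hook see the entry first.
add_action( 'gform_after_submission', 'example_delete_entry_after_submission', 99, 2 );

function example_delete_entry_after_submission( $entry, $form ) {
    // Leave every other form untouched.
    if ( ! in_array( (int) $form['id'], EXAMPLE_NO_STORE_FORM_IDS, true ) ) {
        return;
    }

    // Nothing to delete if Gravity Forms is not loaded or no entry was saved.
    if ( ! class_exists( 'GFAPI' ) || empty( $entry['id'] ) ) {
        return;
    }

    // If a feed on this form runs in the background or waits for a payment,
    // it may still need the entry; test those feeds before enabling this.
    $result = GFAPI::delete_entry( $entry['id'] );

    if ( is_wp_error( $result ) ) {
        // Log only the entry ID and error code, never the submitted values.
        error_log( sprintf(
            'Entry %d on form %d was not deleted: %s',
            (int) $entry['id'],
            (int) $form['id'],
            $result->get_error_code()
        ) );
    }
}
```

Deleting the entry removes only the copy in the site database; notification emails and any services that add-on feeds sent the data to still hold it.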
Can the user view or edit their own submissions?
Allowing users to view or edit their own submissions is not a built-in feature of Gravity Forms, but third-party add-ons can make this feature possible. Try our Community Add-On Repository for third-party and certified developer solutions that can offer this feature.
The Personal Data options in the Form Settings area allow you to integrate with the WordPress Export Personal Data tool to send entry data to the customer.
Are the entries sent to gravityforms.com or other related domains?
No. Form submissions (entries) are saved to your site’s WordPress database. The data will only leave your site if you configure a notification email or another add-on yourself to send it elsewhere.
Does Gravity Forms set any cookies?
Gravity Forms does not set any cookies on the front end of the site. However, it does set a cookie on the entry detail page in the admin when an admin user views the entry and checks the show empty fields checkbox. That cookie is named gf_display_empty_fields.