WordPress, Gravity Forms, and GDPR Compliance

What Is GDPR?

On May 25, 2018, new regulations regarding the treatment of customer data went into effect within the European Union (EU), known as the General Data Protection Regulation (GDPR). There are many references available online; you can find one such overview here. We are not going to try to explain the implications or the interpretation of what is required, as that is the realm of lawyers and consultants, but we do want to highlight some WordPress and Gravity Forms related tools that may be of interest here.

What Tools Can Help Me With Gravity Forms and GDPR Compliance?

Once again, we’re not lawyers, so you’ll want to confirm with legal counsel or a subject matter expert what compliance means for you, but some of the following tools may prove useful.

Gravity Forms 2.4 introduced a Consent field amongst the Advanced Field types. You can review the field here.

If you are also using a feed based add-on with your form, such as MailChimp, you can configure conditional logic on the feed so it will only be processed if the user has checked a consent field. See the MailChimp Conditional List Subscriptions article for more details.

Data Requests

WordPress has added the Export Personal Data and Erase Personal Data tools. As of Gravity Forms 2.4, a new Personal Data tab has been added to the Form Settings to provide integration with these tools. See the article Personal Data Settings for more details.

GDPR Plugins

The following third-party plugins can help with GDPR compliance, and they have integrations for Gravity Forms:

Disclaimer: Third-party services, plugins, or code snippets that are referenced by our Support documentation or in Support Team communications are provided as suggestions only. We do not evaluate, test or officially support third-party solutions. You are wholly responsible for determining if any suggestion given is sufficient to meet the functional, security, legal, ongoing cost and support needs of your project.

Feedback, feature and integration requests, and other functionality ideas can be submitted on our Gravity Forms, Gravity Flow, or Gravity SMTP product roadmap pages.

Can I prevent the IP address being saved in the entry?

Yes. As of Gravity Forms 2.4, the new Personal Data tab on the Form Settings provides several settings to control which data is saved. Preventing the storage of IP Addresses is a checkbox option there. See the article Personal Data Settings for more details.

Can I encrypt the field values before they are saved to the entry?

We recommend using the Encrypted Fields add-on by PluginOwl to configure encryption of the field values.

Can I prevent Gravity Forms saving the entries to the database?

It’s important to note that GDPR does not prohibit saving of personal data to the database; it just requires that you gain consent before doing so.

While you can’t currently prevent Gravity Forms saving the entries, you can use custom code or a third-party add-on to delete them during submission, after the notifications and add-on feeds are processed.
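One way to write that custom code, as an added example that is not Gravity Forms' own snippet: it hooks the `gform_after_submission` action and deletes the entry with `GFAPI::delete_entry()`. The form IDs and the `mysite_` names are placeholders, and the example assumes your notifications and feeds finish within the submission request.

```php
<?php
// Added example, not code shipped by Gravity Forms. Place it in a small
// custom plugin or the active theme's functions.php.

// Assumption: 3 and 7 are placeholder IDs of the forms whose entries
// must not remain in the database. Replace them with your own form IDs.
const MYSITE_NO_STORE_FORM_IDS = array( 3, 7 );

// A late priority (100) lets other callbacks on this hook read the entry
// before it is removed.
add_action( 'gform_after_submission', 'mysite_delete_entry_after_submission', 100, 2 );

/**
 * Permanently delete the entry that was just created, for selected forms only.
 *
 * @param array $entry The entry created by this submission.
 * @param array $form  The form that was submitted.
 */
function mysite_delete_entry_after_submission( $entry, $form ) {
	$form_id = isset( $form['id'] ) ? (int) $form['id'] : 0;

	// Leave every form that is not on the allow-list untouched.
	if ( ! in_array( $form_id, MYSITE_NO_STORE_FORM_IDS, true ) ) {
		return;
	}

	$entry_id = isset( $entry['id'] ) ? (int) $entry['id'] : 0;
	if ( $entry_id <= 0 ) {
		return; // Nothing was saved, so there is nothing to delete.
	}

	$result = GFAPI::delete_entry( $entry_id );

	// A failed delete means personal data is still stored. Record the IDs
	// so it can be followed up, but never write field values to the log.
	if ( is_wp_error( $result ) ) {
		error_log(
			sprintf(
				'Entry %d on form %d was not deleted: %s',
				$entry_id,
				$form_id,
				$result->get_error_message()
			)
		);
	}
}
```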

With Gravity Forms 2.4, you can set a Retention Policy to Retain, Trash, or Delete entries for a set number of days. This is available in the Personal Data tab in the Form Settings. On the Personal Data tab, you may also integrate with the WordPress Erase Personal Data tool and control what data is erased from the entry. See the article Personal Data Settings for more details.

Can the user view or edit their own submissions?

Allowing the user to view or edit their own submissions is not a built-in feature of Gravity Forms but is made possible by third-party add-ons such as GravityView by Katz Web Services, Inc.

As of Gravity Forms 2.4, the Personal Data tab of Form Settings allows you to integrate with the WordPress Export Personal Data tool and export chosen entry data to the customer.

No. Form submissions (entries) are saved to your site's WordPress database. The data would only leave your site if you configure a notification email or another add-on yourself to send it elsewhere.

Does Gravity Forms set any cookies?

Gravity Forms does not set any cookies on the front-end of the site. It does set a cookie on the entry detail page in the admin when an admin views the entry and checks the show empty fields checkbox; that cookie is named gf_display_empty_fields.