Delete Me WordPress Plugin Assists Website Owners in Granting the GDPR Right to be Forgotten

photo credit: pj_vanf to err is human(license)

With the EU GDPR compliance deadline just 178 days away, many WordPress site owners are looking for tools that will help them meet the requirements. The regulation expands existing rights of data subjects in several key ways, including (but not limited to) the right to be notified of data breaches, the right to access personal data, the right to be forgotten, and the right to data portability.

A plugin called Delete Me, by Clinton Caldwell, is one that may be helpful in addressing the Right to be Forgotten. The GDPR.org website breaks it down as follows:

Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The conditions for erasure, as outlined in article 17, include the data no longer being relevant to original purposes for processing, or a data subjects withdrawing consent. It should also be noted that this right requires controllers to compare the subjects’ rights to “the public interest in the availability of the data” when considering such requests.

The Delete Me plugin takes this one step further for site owners who are comfortable allowing users to delete their own data without having to create a request for it. By default, the delete button displays on the profile.php screen in the admin, but administrators can elect to use a shortcode to display it somewhere else on the frontend.

The plugin will delete the users’ posts, links, and even comments (optional) after the user confirms. The confirmation screen could stand to include more information about what data is being deleted so that the user knows what to expect. However, administrators do have the option to specify this within the JavaScript confirmation dialog. After deletion the user is dumped back out to the homepage by default, but the redirect URL can be configured in the plugin’s settings page.

Additional configurable settings include the ability to select specific WordPress roles to allow to delete themselves, specify class and style attributes of delete link, enable or disable JavaScript confirm for Shortcode, specify button text, and send an email notification when users delete themselves.

Delete Me also supports network activation and single site activation for multisite installations. By default, users can only delete themselves and their content from a single site, while other networked sites where they are registered will not be affected. The plugin does include a “Delete From Network” checkbox that administrators can enable to allow users to delete themselves from all sites on the network.

Delete Me is available for free on WordPress.org. I tested the plugin and have confirmed that it works with WordPress 5.0-alpha. It is currently active on more than 2,000 sites. By no means does it satisfy the full requirements of the GDPR, but it provides a decent starting point for site owners who want to make this option available to their users without having to manually fulfill their requests.

10 responses to “Delete Me WordPress Plugin Assists Website Owners in Granting the GDPR Right to be Forgotten”

  1. Good idea but a downright stupid implementation. Imagine you forgot to logout and a malicious actor deleted your account.

    User deletion should only happen after an email confirmation has been clicked or the password has been entered.

  2. Funny I started using this plugin a few weeks ago for a membership site the ability to create a custom button with php code is handy for adding to any custom template page.

  3. Guess this will also apply to the European Rosetta sites of WordPress dot org? Will I be able to remove my entire profile there? Just curious..

    • No, as the WordPress.org servers are in the USA. However, you can already remove all the profile data you want, as everything is editable except the username. Feel free to wipe your profile whenever you like.

Newsletter

Subscribe Via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

%d bloggers like this: