WordPress Plugin Data Deletion and the GDPR

With the GDPR deadline looming, it is an excellent time for WordPress plugin developers to finish adding or updating that often skipped, often neglected plugin uninstall code – you know, the “clean-up” code that deletes options and meta data and tables that the plugin added to the site?

This is especially a good time for you to do this if your plugin handles personal data in any way.  Why? To give assurance to the administrators that install your plugin that, if they delete that plugin from their site, they are no longer responsible for including in their privacy policy (or, heaven forbid, disclosing in the event of a breach) what data, especially personal data, was collected (or exposed) by your plugin.

Here’s the Plugin Handbook page you’re looking for: https://developer.wordpress.org/plugins/the-basics/uninstall-methods/

Tick tock. The GDPR takes effect on May 25, 2018.

There are, of course, other aspects of the GDPR that apply to the way plugins handle personal data or expose site visitors to data collection by 3rd parties, and solutions to those are coming in WordPress core (see below), but this area (data clean-up on plugin deletion) is one area that developers can attend to now if they haven’t already.

Interested in joining me in helping to make the world’s top CMS more privacy oriented and GDPR ready? Come join the privacy party at https://make.wordpress.org/core/tag/gdpr-compliance/