Trusted WordPress tutorials, when you need them most.
Beginner’s Guide to WordPress
WPB Cup
25 Million+
Websites using our plugins
16+
Years of WordPress experience
3000+
WordPress tutorials
by experts

How to Create GDPR Compliant Forms in WordPress

Editorial Note: We earn a commission from partner links on WPBeginner. Commissions do not affect our editors' opinions or evaluations. Learn more about Editorial Process.

Do you want to create GDPR-compliant forms in WordPress?

European Union’s new GDPR law requires explicit user consent to store personal information so that users can have more personal control over their data stored on websites.

In this article, we will show you how to easily create GDPR-compliant forms in WordPress.

How to Create GDPR compliant forms in WordPress

What is GDPR?

The General Data Protection Regulation (GDPR) is a European Union (EU) law that became effective on May 25th, 2018. This new law aims to give EU citizens control over their personal data and change how companies and businesses handle data privacy around the world.

For more details, see our ultimate guide to WordPress and GDPR compliance which will answer all your GDPR-related questions in plain English.

A typical WordPress site may collect users’ personal information in a number of ways. One of which is by adding forms to the site. Most forms collect personal information, and you may want to make sure that your WordPress forms comply with GDPR.

What is Required to Make a Form GDPR Compliant

In order to make your WordPress forms GDPR compliant, you will need to add the following features:

  • Ask users to give explicit consent for storing and using their personal information.
  • Allow users to request access to their own personal information stored on your website.
  • Allow users to request the deletion of their data from your website.

Having said that, let’s take a look at how to easily create GDPR-compliant WordPress forms. You can click the links below to jump ahead to any section:

How to Make a GDPR Compliant Form in WordPress

We recommend using WPForms to make GDPR-compliant WordPress forms. It is the best contact form plugin for WordPress and has built-in GDPR enhancement features.

For instance, you get a 1-click GDPR Agreement field for your forms, GDPR-compliant data retention best practices, easy entry management system to quickly find, export, or delete user data upon request.

You can read our complete WPForms review for more details.

First, you need to install and activate the WPForms plugin. For more details, see our step-by-step guide on how to install a WordPress plugin.

For this tutorial, we’ll use the WPForms Pro version because it includes the disable user cookies and user details options. However, you can also use the WPForms Lite version to create a GDPR-compliant form.

Upon activation, you need to visit WPForms » Settings page and enter your license key. You can find the license key in the WPForms account area.

Entering the WPForms license key

Next, you’ll need to scroll down to the GDPR section.

There, you need to check the box next to the GDPR Enhancements option.

Enable GDPR enhancement option

Enabling the GDPR Enhancements option will reveal two more GDPR-related settings.

The first option, ‘Disable User Cookies,’ will stop WPForms from storing user sessions. This cookie contains a random unique identifier that helps WPForms add features like related entries, form abandonment, and geolocation. Disabling it will also disable those features.

The second option, ‘Disable User Details,’ will stop WPForms from storing user IP addresses and browser information. Both of these settings are optional, and you can check them if you feel that you don’t need these features.

Don’t forget to click the ‘Save Settings’ button to store your changes.

Select Form Template and Add GDRP Agreement Field

WPForms is now ready to create GDPR-compliant forms in WordPress. You can now go to WPForms » Add New page to create a new form.

You will be asked to enter a title and select a GDPR form template. These templates are ready-made forms that you can use as a starting point. In this tutorial, we’ll use the ‘Simple Contact Form’ template.

Add a new form

This will launch the WPForms builder interface.

You will see your form preview in the right column, and on the left, you will see all the fields that you can add to your form.

Add the GDPR agreement field

Simply drag the ‘GDPR Agreement’ field and add it to your form.

You will now see it appear at the bottom of your form. If you click on it, more options will appear in the settings panel on the left.

Edit the GDPR agreement

You can change the title of the form field and agreement text, and then use the description box to add details like a link to your privacy policy or terms and conditions pages.

Note: The GDPR Agreement field is always a required field, and it cannot be pre-checked to comply with the GDPR law. You can only add one GDPR agreement field to each form.

Next, you can go to the Settings » Confirmations tab in the form builder. Here, you’ll get different options to select when a user submits a form. For instance, you can show a message, a page, or to redirect users to another URL.

Edit form confirmation settings

Once you are satisfied with the form, don’t forget to store your changes.

Adding GDPR Compliant Form to WordPress

WPForms allows you to easily add forms anywhere on your website.

You can simply click the ‘Embed’ button at the top of the form builder to get started.

Click the embed button

Next, a popup will open, which will ask you to create a new page or select an existing page.

We’ll use the ‘Create New Page’ option for this tutorial.

Embed a form in page

After that, you’ll need to enter a name for your page.

Once that’s done, simply click the ‘Let’s Go’ button.

Enter the name of the page

Your form will now appear in the WordPress content editor.

Another way to add forms to any page or post is using the WPForms block. Simply add the block to your content and select your form from the dropdown menu.

Add a WPForms block in wordpress

You can now save or publish your post or page.

Simply visit your website to see your GDPR-ready WordPress form in action.

GDPR form preview

Managing Data Access and Deletion Requirements with WPForms

One of the requirements for GDPR compliance is to give users access and allow them to request the deletion of their data.

To do that, you can create a ‘Data access/delete form’ and add it to your privacy policy page. Users who wish to access their stored data or want it to be deleted can use that form to send you a request.

WPForms has an excellent entry management system that allows you to quickly find any data submitted via your forms.

You can access all form entries by visiting WPForms » Entries page from your WordPress dashboard and selecting the form you wish to view.

View form entries in WPForms

WPForms will show you all entries submitted using that form. You can search for a form entry by entering a name, email address, IP address, or keyword.

From here, you can simply click the ‘Delete All’ option at the top to remove form entries.

Delete form entries

You can also delete individual entries or click the view button to see all data stored for that entry.

Disabling User Details for Specific Forms

With WPForms, you get full control over which forms can store user data. You can disable user details to be stored for each individual form.

First, you’ll need to go to WPForms » Settings from your WordPress dashboard and scroll down to the ‘GDPR’ section.

Here, ensure that the ‘Disable User Details’ option is unchecked.

Disable user details is unchecked

Don’t forget to click the ‘Save Settings’ button when you’re done.

After that, you can change each form’s settings in the form builder.

All you have to do is head to Settings » General in the form builder. Next, click the ‘Advanced’ section to expand it. From here, simply click the toggle for the ‘Disable storing user details (IP address and user agent)’ option.

Disable storing user details-settings

This will prevent extra user information from being stored for individual forms.

We hope this article helped you learn how to easily create GDPR-compliant forms in WordPress. You may also want to see our article on how to track user engagement in WordPress using Google Analytics and the ultimate WordPress SEO guide for beginners.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded, why it matters, and how you can support us. Here's our editorial process.

Editorial Staff

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi with over 16 years of experience in WordPress, Web Hosting, eCommerce, SEO, and Marketing. Started in 2009, WPBeginner is now the largest free WordPress resource site in the industry and is often referred to as the Wikipedia for WordPress.

The Ultimate WordPress Toolkit

Get FREE access to our toolkit - a collection of WordPress related products and resources that every professional should have!

Reader Interactions

14 CommentsLeave a Reply

  1. Syed Balkhi says

    Hey WPBeginner readers,
    Did you know you can win exciting prizes by commenting on WPBeginner?
    Every month, our top blog commenters will win HUGE rewards, including premium WordPress plugin licenses and cash prizes.
    You can get more details about the contest from here.
    Start sharing your thoughts below to stand a chance to win!

  2. Jen says

    Hello,
    I noticed that on your Add A New Page screenshot, it is different from what I have. My page has 2 things only: Add a Title and Start Typing. It does not have the Add Media and Add Form buttons, and it does not have the paragraph section like yours.
    Thank you for your help. I appreciate everything that you have on your webpage. They are very helpful to beginners like me.

    • WPBeginner Support says

      The article has not been updated for the block editor just yet, for the block editor you would want to add a WPForms block and select the form in the block’s dropdown and it should be added :)

      Admin

  3. S says

    Where and how does WPForms store the files uploaded through the form? Is it secure and GDPR-compliant?

    • WPBeginner Support says

      Entries would be stored on your site and you would want to reach out to WPForms’ support for the specifics on GDPR compliance

      Admin

  4. Sarka says

    Hello,

    thanks a lot for the detailed description. I am missing and interested in one more thing – how can I add to the consent the link to the description of how we handle the date (the privacy policy)? I understand that I add it to the description, but then I don’t know how to get the link and redirect it to the new page?

    Thank you for the help!

    Sarka

  5. Susan Robinson says

    Please could you explain more about: “To do that, you can create a ‘Data access/delete form’ and add it to your privacy policy page. Users who wish to access their stored data or want it to be deleted can use that form to send you a request.” Should I be creating a separate form for this? Could you give me an example/model of how this would be implemented in a privacy policy? Thank you very much for this informative post (After doing much reading about contact forms today, I found this article the most helpful and I purchased wpforms).

    • WPBeginner Support says

      Hi Susan,

      This would be just like any other contact form. Simply create a contact form name it data access form and then add it to a WordPress page. Now link to this page in your WordPress privacy policy page, informing your users that they can visit this page and fill out the form to request access to their information or ask to delete it.

      Hope this helps

      Admin

  6. Marta Smits says

    Very useful post, but you forgot to mention that the most important part is only available if we pay for it.
    “Easy entry management system to quickly find, export, or delete user data upon request” it’s only available if we pay and I wonder why should I need to pay for having access to that if it is part of the law to have it available so I can easily follow the instructions of any of the users that what to have their data deleted.
    Unfortunately, it seems to me that more and more companies now do take advantage of this law to make the most profit possible.
    I’m keeping my search to find the right contact form or opt for none and find other solutions that will comply with GDPR.

  7. Rodney says

    I have added the clause for GDPR to our existing contact form as per the guidelines as under settings etc. and on testing the form we are not receiving any emails to the logged email address. Any clues what may be causing this or what I have missed in the setup .

  8. David Jumeau says

    I typically use Captcha’s to filter out spam bots. I believe this should be a standard requirement.

  9. Peter Wade says

    What we need is a tutorial to find EU email addresses in our current mailing host, e.g. MailChimp free account. I understand that EU users on our lists have to give their consent to the new requirements.

Leave A Reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.