GDPR compliance and Sign Up Sheets

Version 2.4 of the plugin integrates with the GDPR features of WordPress 4.9.6. Meaning, if someone requests an export of their personal data, any signup data associated with that person’s provided email (along with any user ID associated with that email) will be included in the personal data export that you generate from WordPress admin. Similarly, if a person requests that their info be deleted, then any signups associated with the provided email (or a user ID associated with that email) will also be deleted and those signup slots will become available again.

This alone will not make your site GDPR compliant. You will need to study up on GDPR and take all the necessary actions for your site to make sure you are in compliance. If you have people using the signup sheets in countries covered by the GDPR, then somewhere on your site, you should be letting them know what information you are collecting when they signup for something, based on what fields you have activated for signups in this plugin. You may also want to set this plugin so that only registered users can signup for events, and then you can present your privacy policy and some sort of agreement check box for them when they are registering for your site.

If your site is going to be affected by GDPR, then you should contact a lawyer to make sure you do everything needed to be in compliance. I’m not a lawyer and I can’t give you legal advice.

Be aware that, at the minimum, my plugin will save the first name, last name, and email for any volunteer that signs up for something. Phone field is optional, but will also be saved if you enable that field. This data, including what they signed up for and the date and item (if enabled), will be exported along with any other personal data when using the WordPress personal data exported. In addition, all of the corresponding signup data will be deleted when you use the personal data eraser, and those signups will basically be “cleared” and those spots made available again.