Hey there, thanks for loving Caldera Forms. We appreciate your ongoing business & interest in our open-source projects. Below is an overview of how we’re getting ready for GDPR.
Caldera Forms aims to provide the tools to help you stay compliant with the European Privacy laws GDPR regulations. This will be the primary focus of version 1.7 of Caldera Forms. We can not say that Caldera Forms will make your site 100% GDPR compliant, but we aimed to give you the tools you need as part of a larger strategy.
This page has a summary of all implemented and planned features related to GDPR. Since Caldera Forms is often used to collect personally identifying information (PII) we will be adding features so that you as the site owner can identify fields as containing PII. We will also create a consent field for the collection of PII and we will integrate with WordPress core’s tools for responding to request for personal data.
Please don’t take any of this as legal advice. We’re not lawyers. We are following the guidance from the WordPress open-source project. We want your feedback, on Github.
Roadmap For Privacy Related Features
This project is tracked using this Github project.
- Caldera Forms 1.6.2
- Checkbox to identify fields as containing PII
- Caldera Forms 1.7.0 beta 1 a preview of all GDPR features.
- Caldera Forms 1.7.0
- Consent field
- Integration of Caldera Forms data with WordPress core’s tools for responding to personal data
- The ability to delete all data older than a certain date, from a form.
- Caldera Forms Pro (web app)
- We will purge all records of any data linked to an entry that is deleted using any of these features
- This will make it impossible to resend messages or regenerate PDFs of messages.
Privacy Related Features
Consent Fields and Privacy Page Magic Tag
The consent field feature is completed. The the privacy page magic tag feature is completed. Both features will be included in Caldera Forms 1.7.
Integration With WordPress Personal Data Requests
WordPress 4.9.6 added features for reporting and erasing personal data in accordance with GDPR rules Caldera Forms integrates with these tools. Learn more in this detailed documentation on setting up Caldera Forms for GDPR.
Integration with WordPress’ data exporters and erasers are completed.
Deleting All Saved Entries Of A Form
One way to make it simpler to comply with the GDPR is to disable saving of entries. In Caldera Forms 1.7 or later, there is a delete button right under the setting to enable or disable capturing entries to a form. Learn more in the documentation.
This feature is completed and will be included in Caldera Forms 1.7.
Deleting Entries Older Than A Specific Date
This featured is planned.It will be included in Caldera Forms 1.7 or 1.7.1. You can track it with this Github issue.
Identifying Caldera Forms Fields For Personally Identifying Information (PII)
If data export and erasers are enabled for a form, which by default they are not, Caldera Forms entry data will be included in exports and will be erased. Fields can be marked as being “Email Identifying Fields”. When a request for personal data export is made, Caldera Forms will search for all field values, that are marked as Email Identifying, and contain the email address for the request.
Fields can also be marked as “Personally Identifying Fields”. When a request for personal data export is made and entries were found, only the field data saved in fields marked as personally identified is included. If the form was submitted by a logged in user, the export will include their username and email at the time that the form was submitted.
In Caldera Forms 1.6.2-1.7.0-b.1 the PII UI was implemented as a separate checkbox in field settings. This redundant setting was removed. All privacy related settings are located on the Caldera Forms submenu item “Privacy Settings”.
Developer API
There are functions to get all fields of a form that contain PII or to check if a single field contains PII. See the developer documentation for more information.