This article is written in collaboration with a law agency. However, it is intended for general information purposes only. It does not constitute a client-attorney relationship or personalized legal advice.
If it’s a customer who doesn’t have an account, but whose personal data is stored on the website (either by WordPress itself or one of the compatible plugins), they will receive the authentication link via email and they will be able to withdraw consents, view and download the data and request deletion.
One example of a situation like this is someone who doesn’t have an account on your site, but who has submitted some data via a form on your site.
However, if The WordPress GDPR Framework does not detect any personal data tied to the given email, they will simply receive an email stating that their personal data is not being processed.