How is user data anonymized?

Disclaimer

This article is written in collaboration with a law agency. However, it is intended for general information purposes only. It does not constitute a client-attorney relationship or personalized legal advice.


If you configure The WordPress GDPR Framework to anonymize your visitors data instead of deleting it, the following actions will be performed when a user requests to anonymize their data:

Identifier

A secure random identifier is generated for your customer. This can be used to link together different items in the data that belong to the same user. This might be useful for analytics purposes.

Comments

Comments will be deleted.

User account

If there is a user account on your website with the given email address, the following actions will be performed:

  • The username is replaced with “[anonymous]”. You can change that via a filter.
  • user_email, user_nicename, user_url, user_activation_key and display_name fields will be deleted.
  • A new random password will be generated for the account. This is an additional layer of security to make sure login is impossible, in case poorly coded 3rd party extensions break something.
  • The following metadata will be deleted: nickname, first_name, last_name, session_tokens
  • The random identifier will be saved in usermeta table
  • All WordPress capabilities are removed from the user
  • The user will be given a new role, “Anonymous.” (You can change that via a filter)

Forms

Contact Form 7 submissions are not stored in the database by default, so you’ll need to remove them from your inbox manually.

Gravity Forms and other form plugins support will be added shortly.

Integrations

An action will be triggered, allowing theme and plugins to delete additional data. Read more in the developer docs.