What is GDPR?

GDPR (General Data Protection Regulation) is a 2018 European Union regulation that governs how organizations worldwide process the personal data of EU residents. It introduced concepts that have since become global norms: explicit consent, the right to access, the right to erasure (often called "the right to be forgotten"), data minimization, purpose limitation, and mandatory breach notification. Violations can carry fines up to 4% of global annual revenue.

For WordPress sites that collect form data, GDPR raises several practical obligations: display a clear consent checkbox before capturing personal data, keep a record of what you captured and why, let users request their data or delete it, process data only through vetted sub-processors, and never keep data longer than needed. Many countries outside the EU have since adopted similar regimes (UK GDPR, LGPD in Brazil, PIPEDA in Canada, CPRA in California).

SheetLink Forms ships GDPR tooling out of the box: optional IP-address redaction (write only the first two octets, or skip entirely), an admin export tool that pulls every row containing a given email, and a one-click deletion endpoint that removes matching rows from your Sheet. The customer portal also exposes a data-processing addendum (DPA) and sub-processor list so you can attach them to your own privacy documentation.