How to Use Popup Maker and Meet the GDPR Data Privacy Requirements

The European Union's (EU)  General Data Protection Regulation (GDPR) goes into effect in late May 2018. Under the law, citizens of EU member countries will have the right to give and withdraw their consent to all organizations (including businesses) that collect, control, and process their digital data that could reveal a person's identity. Such data may include their name and address (email, physical and internet protocol address).  Businesses located outside the EU that provide digital services to EU citizens and collect personal digital data must comply with the regulation, or risk substantial financial penalties. 

The regulation provides EU citizens with the following data-protection rights:

  • request and receive a free copy of their data from a data controlling organization in a timely manner; 
  • request the permanent removal (erasure) of their data;
  • stop the further dissemination of their data; and 
  • request that third parties halt the processing of their data. 

Popup Maker Feature With Potential to Store Personal Data on a Site

The Popup Maker plugin includes one feature that allows plugin users to potentially collect, and store site visitor's personal data. The Popup Maker shortcode button (1) allows plugin users to add a subscription form shortcode (2) to create and display a contact form inside a popup. [ Note: The shortcode button is accessible on the 'Visual' tab within the 'Popup Editor'.]

The contact form allows plugin users to request and collect a site visitor's name and email address.   When the form is used independently of any Popup Maker plugin extensions, the data submitted via the form is stored in a site database table created by the plugin. Because Popup Maker is used on sites managed and visited by EU citizens, the plugin is designed to meet the data privacy requirements of the GDPR. 

If using the Popup Maker subscription form shortcode to collect and store contact form submitted data, please refer to the related article below. The subscription form shortcode includes a 'Privacy' option tab to set up consent settings for each contact form created using the subscription form shortcode button.  

The default privacy settings for each Popup Maker subscription form is located in the WordPress Admin at: 

  • 'Popup Maker' ->
  • 'Settings' (Popup Maker Settings) ->
  • 'Privacy (option tab)' ->
  • 'Subscription Forms' 

Related article: Shortcode: Subscription Form

Popup Maker Serves as a Processor of Personal Data

Users of all WordPress form plugins that display their forms using Popup Maker, and target EU citizens for data collection will need to modify their contact forms to meet the GDPR requirements for privacy protection.  Some form plugins store form submitted data on the site from which it was collected, while others transmit the data to another server via a mail list application.  The site storage method depends on the design and setup of the form plugin and it's integration with 3rd-party software applications. 

Popup Maker acts as a data processor to assist WordPress form plugins to process or collect personal data from site visitors.  Other than the feature described in the prior section, the Popup Maker plugin and it's extensions do not collect or store the personal data of site visitors.