The following guidance is provided as-is with no warranty of accuracy. Please consult a lawyer if you have any questions or concerns.

GDPR is an EU regulation governing the collection and use of personal information.

1. Privacy policy. Create and publish a privacy policy for your site.

2. Require a consent box on contact form submission

3. If your contact form saves to a database, know how to use a tool like PHPMyAdmin to remove their contact information. Most hosts have a tool like this pre-installed.

4. Provide a mechanism for users to request that their information be removed from your site. This can be via a new contact form or an existing contact form.

Do I need to worry about GDPR?

• A site with nothing but content? No.

• A site with Google Analytics installed? Yes.

• A site with Matomo (aka Piwik) installed? Yes.

• A contact form that collects a user's email address? Yes.

• A contact form that collects a user's IP address? Yes.

• A contact form that saves user's name, email or IP to a database? Yes.

• If you're located in the US? If you only do business with users in the U.S., no. If you do business with users in the E.U., yes as even Facebook is taking action to bypass GDPR.

Resources

• Generate a privacy policy with iubenda

• Searchable GPDR

• Ninja Forms's guidance on GDPR compliance in Wordpress