Home Forums General Issues GDPR



  • Is this plugin GDPR ready?

  • Same question here…

  • Hi guys

    Thanks for the question. I’m currently working on GDPR documentation and would love to get your input too!

    To answer your question, yes, I believe that the ACF plugin is GDPR ready.
    The plugin does not collect or process any personal data when installed on a WP website.

    The only time when data is collect is when an ACF PRO license is activated. We outline this in our privacy policy:

    Usage Information: We collect information about your usage of our Services. For example, we collect information to authenticate a license activation or plugin update. We use this information to, for example, provide our Services to you, as well as get insights on how people use our Services, so we can make our Services better. This information includes the versions of ACF and WP installed, website name, website URL, website language and timezone.

    As for the ACF website, we use WooCommerce to handle all store functionality, so there is definitely some personal information stored such as name, email, etc. Please note that we use both PayPal and Stripe to handle payment information – we don’t store any of this.

    We use Mailchimp as our email marketing tool, which from what I have read are adding in GDRP settings and sugest sending out a campaign to get people to re ‘opt-in’ for marketing material.

    Please feel free to comment below and let me know how you feel about the above, or if you have any advice, concerns or questions.

    Once question I am asking, is does ACF require any changes to the ‘Enter License Key’ panel on the ‘Custom Fields > Updates’ page to confirm and acknowledge the specific data to be sent.
    Is this going too far, or is this what GDPR is asking for?


  • Hi Elliot,

    The GDPR (as far as I understand it) is to inform your users about the information you save about them, why you need this information, how long you’ll retain the information, and give them the option to view this information and let them delete it if necessary.

    You also can’t use information gathered for one purpose for a different one (i.e. an e-mail address entered in a contact form can’t be used to send a newsletter to without the explicit agreement from the user).

    If you save any information that can track back to an individual user, this falls under the GDPR. So you might want to let people know exactly which information is sent to ACF when entering the license key. For instance, you say ‘This information includes the versions of ACF and WP installed, website name, website URL, website language and timezone’. This is all information that can’t be tracked to an individual (multiple people can be working on that website). It’ll still be good form to let it be known that you’re saving the information and why, of course. However, is this all the information that is sent (the term ‘includes’ implies that there might be more)? Is there information sent which individually identifies the user who enters the license key (such as used IP-address)? In that case, that falls under GDPR and that means the user must consent to having this information saved.

    As far as I can tell, there’s no information saved by ACF about the end-user (i.e. the regular visitor to the website that uses ACF). Is this correct? Because if there IS information saved by ACF, I then need to let my end-users know and you might need to set up a processor agreement as you’re then processing personal information about my visitors.

    Again, this is my understanding about the GDPR. If anyone else can weigh in, that would be awesome ๐Ÿ™‚

    Kind regards,


  • Hi @vivienne

    Thanks for your reply, this information is great!

    To confirm your questions:

    As far as I can tell, thereโ€™s no information saved by ACF about the end-user (i.e. the regular visitor to the website that uses ACF). Is this correct?

    Yes, this is correct. The ACF, ACF PRO and ACF Add-on plugins do not store any information about the end-user. To be very clear, ACF only saves data about the field’s you create and any values entered into those fields (as expected in a custom field plugin ๐Ÿ‘).

    We hope to have some GDPR documentation and tools available next week for all our users!
    Thanks for your support.


  • Dear Elliot,

    Regarding GDPR. Google Maps API is loading a lot of scripts in that background and itโ€™s not clear if they comply to regulations or not.

    In general, Iโ€™d love to change to some open source solution like open maps. However I probably cannot use this with ACF fields. Do you think that could be a possible feature in the future?

  • Hi @mellang

    Thanks for the reply and info.

    Yes, this has recently come to light and we are looking into solutions.

    This “grey” area we are looking into is in regards to 2 of our field types: Google Maps and oEmbed. Both these fields can include 3rd party JS which could in theory collect personal data.

    This is something that affects both WP core (oEmbeds) and any major theme / plugin builder (oEmbeds and Google Maps).

    We are dedicating all of next week to GDPR so stay tuned for updates via email / our blog.


  • Looking forward to it ๐Ÿ™‚

  • yes it think its GDPR ready!

  • Yes i think its GDPR supported, The General Data Protection Regulation is a European Union privacy law. Controllers and processors of personal data must put in place appropriate technical and organizational measures to implement the data protection principles. Business processes that handle personal data must be designed and built with consideration of the principles and provide safeguards to protect data

Viewing 10 posts - 1 through 10 (of 10 total)

The topic ‘GDPR’ is closed to new replies.