Is WP Courseware GDPR compliant?
The short answer to this question is, yes, WP Courseware is GDPR compliant.
What is GDPR (General Data Protection Regulation)? GDPR was introduced by the EU to enhance the protection of the personal data of EU citizens. Essentially GDPR only effects websites that collect or process personal data from any citizen of the EU. According to GDPR, users have the right to obtain a copy of personal data that you are storing, and they also have the right to request that the personal data be deleted.
WP Courseware version 4.2 and lower, did not collect any personal data. Course progress and quiz grades were all associated with a user ID which references the WordPress users table, but no personal data was stored in WP Courseware tables.
WP Courseware version 4.3.0 now includes a shopping cart which collects personal data for orders. This data is stored in WP Courseware's database tables created and utilized by WP Courseware. WordPress 4.9.6 now includes built in functionality that can export and delete personal data and WP Courseware simply hooks into that same functionality.
WP Courseware does not delete the data during a data deletion request, but instead anonymizes the data. Basically any data in the table that contains personal data gets overwritten by the text [DELETED]. This was designed that way so that users would still have the ability to see purchase records for financial data.
How does this work?
It all starts with a request from a customer to the site administrator to either provide a copy of their personal data, or to delete (anonymize) their personal data. Utilizing the native WordPress functionality, the site administrator then creates the request based on the users email account. This triggers an email to the user to confirm that they did in fact make the request. Once the user clicks the URL in the email to confirm the request, the site administrator is then notified by email that the request has been confirmed. The final step is for the administrator to provide the user with the data or delete the data by simply clicking a button. An email is sent to the user with a URL to download the data. The data (an HTML file) is contained in a zip file and can be opened up in any browser. Personal data from WP Courseware's tables are included in that HTML file.