First of all, Thank you for purchasing All-in-One GDPR! This documentation will explain how to install and use All-in-One GDPR on your WordPress site. Your feedback is vitally important to us. If you have any suggestions on how we can improve All-in-One GDPR we would love to hear from you



You will need to be using a server which is running the following:

PHP 5.4.5+

WordPress 4.0+

MySQL 5.6+


You can check that your current set-up meets the minimum requirements by going to the about tab found in the All-in-One GDPR sub-menu.



If you have an issue with the plugin or if you think you have found a bug, please contact with a screenshot of the error you're referring to and a screenshot of the about tab.



  1. Download the All-in-One GDPR plugin
  2. Unzip the folder, and upload it to the ‘/wp-content/plugins/’ directory
  3. Activate the plugin through the ‘Plugins’ menu in WordPress
  4. After installation, you will find a new admin menu item “All-in-One GDPR”


Getting Started

After you have installed and activated the plugin, you will see a new menu item called ‘All-in-One GDPR’. This is where all the plugin settings can be managed.


When you activate the plugin, it will create a new page called ‘Privacy’. This new page is your privacy center which your site users can visit. It contains information and features related to the GDPR data law. This page can be edited as usual in your WordPress Pages menu. The page contains a shortcode “[ privacy_center]” which is what loads the privacy center onto this page. If you wish, you can use this shortcode on a different page.


The Dashboard


Forget Me

The Forget Me feature is a core part of the GDPR data law. It allows your site users to delete their personal data that may be held within your website’s database, and in other 3rd party locations (such as Mailchimp or Intercom) that are integrated with the plugin.


The feature provides a form on your website, that lets users submit a request to be forgotten. This form can be found from the Privacy Center page. The users identity is confirmed via email.


You can view all pending and completed ‘Forget Me’ requests on the Overview tab. Here you can force delete users who are in the pending queue. You can also perform a Forget Me request on behalf of a user.


When a Forget Me request is approved, the All-in-One GDPR plugin will perform the necessary work to remove the data from your website database, and any 3rd party integrated locations you have set up.


Cookie Notice

The plugin provides you with a cookie opt-in notice. You can manage the cookie notice settings on the ‘Cookie Notice’ tab of the plugin. You can enable and disable the notice from appearing on your site. The notice contains a link to your Privacy Center page.


When a user accepts your privacy terms, the plugin remembers the users preference. If the user is a logged in user, their opt in information can be viewed on their user profile page in your WordPress Users admin menu.


Subject Access Request

This feature is a core part of the GDPR data law. It allows your site users to request a copy of the data that your hold on them, within your WordPress database and within any 3rd party integrated services. When a user makes a request, they will receive an email which contains a table of all the data the plugin could find on the user.


A user can make a Subject Access Request via the form that is found on your Privacy Center page.  You can view all pending and completed ‘Subject Access Requests’ on the Overview tab. Here you can manually process requests of users who are in the pending queue. You can also perform a Subject Access Request on behalf of a user.



The consent tool is a age for viewing your site's privacy policy and providing explicit consent. On this tab you can include your full privacy policy and an optional privacy policy overview. It is recommended that you include an overview.


When a user provides consent, a cookie will be set which contains a hash of the privacy policy that that particular user agreed to. If you update your privacy policy or cookie notice, it will invalidate the hash and ask the user to re-consent.


Your users can also use the consent page to withdraw consent. With one click a use can withdraw consent. This will show the cookie notice and prevent all remote scripts running on the page.

Contact DPO

The contact DPO form is just a simple contact form for edge case requests from users. We recommend that you set-up a dedicated email address so all submissions from this form can be sent directly to your DPO.



The unsubscribe tab is designed to remove a user from all marketing lists. This will not delete any user data from your local site but it will remove the user from any integrations you have added. A confirmation email will be sent to the user to authenticate the request.


Privacy Settings

The Privacy Settings tool has been designed so users can disable any remote scripts that aren't mission critical. If a script has been disabled by the user, the code will not be returned in future HTTP requests. All blocked scripts will be replaced by “<!-- Google Analytics blocked by All-in-One GDPR -->”, This is purely for debugging purposes and your users will never see this on the front end.