Contact Form 7 protects your forms from spammers with several different spam protection modules such as Akismet, reCAPTCHA, and Comment Blacklist. These modules help a lot, but how can you know which module has blocked a submitted message and why the module has blocked it?
You may have already heard of GDPR, the European data protection regulation that will be applicable as of May 25 this year. Although it is an EU law, you will be required to comply with GDPR as long as you are engaged in storing or processing personal data of EU citizens, even if you are not an EU citizen.
“Is Contact Form 7 compliant with GDPR?” We’ve been getting a lot of inquiries like this about GDPR, but unfortunately I don’t have a precise answer. Since I’m not a lawyer, I’m not in a position to say whether a WordPress plugin is compliant with specific legislation or not.
What I can tell you is that we always work to assist using Contact Form 7 in a privacy-friendly manner. We design Contact Form 7 carefully to allow you to make contact forms compliant with the current data protection standards, including GDPR.
The remainder of this post is my personal advice on making privacy-friendly contact forms. A lot of responsibility for making your contact forms GDPR-compliant still lies with you as the webmaster or contact form controller, but you should be able to accomplish it with this advice.