Developed by

Hello again, nothing to say. Good job, i found an error with the concrete5 install. The json error with sitemap it's…


GDPR stands for EU General Data Protection Regulation. This add-on will try to help you to make your website comply to this new regulation.

The GDPR add-on is is super easy to use, but is also very powerful. The add-on is recommended on all websites that run concrete5 8.2.1+ and that deal with EU citizens.

Really want to know what this add-on does? OK, lean back:


  • Scan
    • Overall settings that might affect GDPR
      • Is the connection secure?
      • Is email logging enabled?
      • The concrete5 background on the login page
      • Is public registration enabled?
      • Is a non-default mail method active?
      • Are there geolocation services active?
    • Blocks that might store / process user data
      • Combines a manual list of block types with an automatic scan
      • The automatic scan searches for files in the block folders for e.g. usage of the mail service or <form> tags
      • Mark certain block types as 'GDPR compliant'
      • Mark certain blocks on a page as 'GDPR compliant'
      • Possibility to leave notes per block type on a page
    • Tables that might store user data
      • Mark tables as 'GDPR compliant'
      • Core tables are automatically marked as compliant depending on the current concrete5 version
      • Leave notes per table
    • Packages that might process user data
  • Cleanup
    • Delete user logs when a user is deleted:
      • Based on the user id
      • Based on the email address
      • Based on the username
    • Delete Express Form entries in bulk
      • Install a job that can automatically delete express form entries.
      • Setting to change the number of days express form submissions may be kept before they are deleted.
      • Setting to also delete associated files.
    • Delete Legacy Form entries
      • Install a job that can automatically delete legacy form entries.
      • Setting to change the number of days legacy form submissions may be kept before they are deleted.
    • Ability to install a job that can process data transfer requests
    • Delete or reassign orphaned files in bulk (files from users that have been deleted)
    • Search and delete Log entries in bulk
  • Data transfer
    • List data transfer requests
    • Automated job that processes requests
    • Sends email with link to the secured download (via hash)
    • Automatically expires downloads
    • Builds a zip file that contains user data (can be enriched by other packages or custom code)
    • Contains a front-end block to request a data transfer
    • See for more information the Data Transfer section
  • Data breach
    • Ability to notify users from a certain user group in case of a data breach
    • The from email address, from name, subject, and email body can be customized
  • Cookie consent
    • Customizable colors and text
    • Opt-in, opt-out, and notice options
    • Enables or disables the tracking code depending on consent
  • Checklist to help you with the whole process
  • Settings
    • Ability to automatically remove user logs (based on user id, and/or email address, and/or user name)
    • Ability to disable tracking codes
    • Ability to disable the concrete5 background image on the login page
    • Setting to change the number of days a data transfer download is valid


  • PHP 5.6 and up
  • concrete5 8.2.1 and up

Notice regarding Cookie Consent

The cookie consent is as-is. We welcome your ideas, but can't implement all feature requests. There is no technical solution yet to block all cookies from external JavaScripts, but it will disable the tracking code. For more information, please read the Cookie Consent page.


  • English
  • German (thanks to cahueya and tsilbermann)
  • Dutch


  • With each version that adds significant features, the price will increase by $1. The starting price was $29. This is an incentive for you to buy the add-on early on and for us to keep improving the add-on.


  • We don't provide legal assistance.
  • If you install this add-on, you won't be automatically compliant to GDPR.


Cookie consent types

Cookie consent settings: Cookie consent settings

A general scan searches for settings that relate to GDPR: Overall scan

The block scan searches in files and on pages: Block scan

Per block you can leave notes and mark the block or block type as compliant: Block status

The table scan searches the database for personal information. Some tables are automatically marked as compliant depending on the c5 version: Table scan

By clicking on a table, you see a preview of what kind of data is stored: Table preview

You can mark a database table as compliant and leave notes if you'd like: Table status

Scan whether packages are installed that might process personal data: Package scan

View Express Forms and bulk delete their entries. This is not possible in the concrete5 core btw: Express Forms

Reassign or delete files where the author doesn't exist anymore. If a users is deleted, the files are not automatically also deleted: Orphaned files

Search and delete log entries for personal identifiable information: Search and remove logs

A built-in GDPR checklist: Checklist

Notify users of a certain user group in case of a data breach: Notify users

Control GDPR related settings: Settings

Automated job to remove Express Form submissions: Automated job to remove form submissions

As you can see, the GDPR package is pretty advanced. Please help the developer by leaving a review and by sticking to the one license per site policy. Thanks!

Scroll to top

Current Version: 1.6.6
Fully Translatable: Yes
Needs External Libraries: No
Compatible 8.2.1+
License: Standard
Support Response: Replies to tickets every few days.
Support Hosted: On
Needs extra server permissions: No
Needs Internet: No
Marketplace Tests:
Passed Automated Tests
Passed PRB Review