WordPress Plugin · GDPR · UK GDPR · CCPA Ready

Privacy compliance beyond cookie banners

DPOKit handles data mapping, DSAR workflows, retention enforcement, and audit reporting for WordPress sites processing EU / UK personal data — so you're genuinely compliant, not just covered.

Free tier available · No credit card required · Self-hosted plugin

The compliance gap

Cookie banners aren't compliance

Under GDPR and UK GDPR, a consent banner is the beginning of your obligations — not the end. Here's what most WordPress sites are missing.

A cookie banner is not a compliance programme

Consent management is one small part of GDPR. Without a data map, documented lawful bases, and a working DSAR process you're exposed — even if your banner ticks every box.

Regulators want evidence, not intentions

ICO, CNIL, and DPAs ask to see your Record of Processing Activities, your retention schedules, and your DSAR response logs. Spreadsheets and good intentions don't hold up under scrutiny.

WordPress plugins scatter data everywhere

WooCommerce, contact forms, newsletters, analytics tags — each one creates personal data flows most site owners can't track. DPOKit maps, governs, and reports on all of it.

Everything you need

Four pillars of operational compliance

DPOKit moves you from reactive to proactive — replacing manual spreadsheets with automated workflows that hold up under regulatory scrutiny.

Data Mapping

Automatically scan for third-party scripts, pixels, and tracking endpoints. Generate a living data map covering every vendor, data category, and legal basis.

  • Auto-detect Google, Meta, Stripe & 50+ vendors
  • Map lawful bases: consent, LI, contract
  • Export as PDF / CSV for legal review

DSAR Workflows

Handle access, deletion, portability, and rectification requests end-to-end — from intake through verification, data collection, and response — within the 30-day deadline.

  • Embeddable intake form with email verification
  • Auto-collect data from WooCommerce, forms & more
  • Case dashboard with deadline countdown

Retention Enforcement

Define retention periods per data category, set legal-hold overrides, and let scheduled jobs automatically anonymise or delete expired records — with a full audit trail.

  • Per-category retention schedules
  • Legal-hold overrides for tax & compliance
  • Dry-run preview before enforcement runs

Audit-Ready Reports

Generate Article 30 ROPA exports, consent audit reports, DSAR activity summaries, and privacy notices — all exportable as PDF or CSV and schedulable for email delivery.

  • ROPA export meeting Art. 30 GDPR
  • Auto-draft privacy notice from detected flows
  • Schedule & email reports to nominated recipients

Designed for these frameworks

GDPR (EU)

Regulation (EU) 2016/679

UK GDPR

UK Data Protection Act 2018

CCPA / CPRA

California Consumer Privacy Act

Built for WordPress

Tested on WP 6.x · PHP 8.1–8.3

Art. 30

ROPA-compliant exports

30-day

DSAR deadline tracking

7-year

Default tax-data retention

100%

Self-hosted, data stays yours

Pricing

Simple, transparent pricing

Start free. Upgrade when you need DSAR workflows, retention enforcement, and audit exports.

Free
€0 forever

Get started with consent management and a basic data scan.

  • Consent banner & preference centre
  • Basic third-party script scanner
  • Up to 500 consent records / month
  • 1 site

Pro (Most popular)
€29 / month per site

Full compliance for a single WordPress site processing EU/UK data.

  • Everything in Free
  • DSAR intake & case management
  • Retention policies & enforcement
  • ROPA & audit-ready reports
  • WooCommerce & forms integrations
  • Priority email support

Agency
€79 / month, unlimited sites

Manage compliance across all client sites from one licence.

  • Everything in Pro
  • Unlimited site activations
  • Network / multisite support
  • White-label option
  • Dedicated support channel

FAQ

Frequently asked questions

DPOKit automates the operational and technical parts of GDPR compliance — data mapping, DSAR handling, retention enforcement, and record-keeping. Achieving full compliance also depends on your policies, contracts, and legal review. All generated legal text (privacy notices, ROPA) is clearly marked as a draft requiring review by a qualified lawyer. DPOKit is a tool, not a substitute for legal advice.

Start your compliance journey today

Join WordPress site owners who have moved beyond cookie banners to real, auditable data governance. Free tier, no credit card required.

Free tier available · Self-hosted · GDPR · UK GDPR · CCPA