Sending confirmation email with unique link for identity confirmation (GDPR)
The main issue with a GDPR request (when an email address is provided by the request form) is to make sure the request comes from the legitimate source. Therefore an workflow involving sending the initial confirmation to the email address provided with an unique link to be clicked if the request is legitimate should be put in place.
Using Formidable Forms I did the following:
- I setup a Confirmation page with a custom template. Inside the custom template I was using this piece of code: https://pastebin.com/G6NsgpNr
- On the form itself I added 2 hidden fields: one token field with [get_token] shortcode value. The shortcode is to be defined to return a random string such as: md5(uniqid(rand(), TRUE)); The second field holding as static value the name of a callback function to be ran when the confirmation link is clicked
- Define that callback function to do whatever you like to do. For instance to update another hidden field inside the form to mark the confirmation event
- on the email action of the form add this link: https://example.com/confirmation/?e=[id]&a=1&v=2&t= where 1 is the field ID of the action field, 2 is the field id of the token field
The workflow is like this: the entry is created when a visitor submits a request. The initial email action is triggered by the create event and sends the unique link to the entry email address on the email address field. When the user clicks that link to validate the request, it opens the processing page (see pastebin code). The page checks if the token sent in the link matches the token saved withing the entry. If true then it performs the validation by calling the callback function.
The same confirmation page can resolve confirmations for any number of forms, just by updating the necessary field ids.
If anybody has a simpler, leaner solution I am interested to learn.