The countdown for GDPR is on. The new data protection law covering all individuals within the EU region will take effect on May 25, 2018. It applies to any organisation (within or outside the region) that has, or targets customers who live in the EU.


GDPR has been introduced to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international businesses. When GDPR takes effect, it will replace the 1995 Data Protection Directive (Directive 95/46/EC).

For many, preparing for GDPR may feel like a daunting task. But to help, we have introduced several new features and functionalities in the latest 7.5 release that are designed to assist you with compliance.




With this feature you can have greater flexibility over how you obtain consent to marketing and promotional emails. The new functionality allows you to choose how and when you ask your users to give consent, with new options during both registration and checkout.

The Marketing Email settings can be found in Setup > General Settings > Other.


Learn More


In an expansion to the Marketing Emails Automation features, now in addition to being able to opt in or out of marketing emails at any time from within the client area, new email merge fields allow you to include opt-in and and opt-out links in any emails you send, giving you another way to gather consent from your customers and making it easy for them to opt-out at any time.

A new one-time conversion tool also helps you to easily migrate from the current opt-out email marketing system to the new opt-in system, along with expanded mass mail sending criteria that allows you to target specific countries with your emails.

Learn More


Recording when consent is given is an important part of the concept of accountability in GDPR.

With that in mind, we've introduced a new consent log that records each time the consent setting is changed showing: the date/time of that change, who it was initiated by and the IP address of the user. This new log can be accessed via the Profile tab within the admin client's profile.


Learn More


New to WHMCS 7.5 is a data retention policy automation feature that allows you to define a period of time for which client records should be kept. This feature will help you comply with the right to erasure (or right to be forgotten) aspect of GDPR.

This feature allows you to automatically enforce your data retention policy in relation to the length of time you keep your client records for. When enabled, once the required period of time has passed with no activity, customer records can be automatically purged.

The new Data Retention Settings can be found in Setup > Automation Settings located in a new section of the same name.

Learn More


One of the individual rights of GDPR is the right to data portability.

To help you meet requests you receive for data transfer requests, we've introduced a new export feature that allows you to export an individual customers data in structured JSON format.

With support for exporting profile, service, billing and ticket history, the export can include all personal information relating to a single customer.

Learn More
Compliance should not be hard
With May 25 just a little over a month away, it's important that you take the necessary steps for your organisation to be ready when GDPR takes effect. We hope these new tools available with WHMCS 7.5 make it easier for you to meet your compliance needs and obligations with GDPR if you choose to use them.

If you would like to learn more about GDPR and how WHMCS can help, refer to our earlier blog post: How can WHMCS help with GDPR compliance