On May 25th, 2018 the GDPR comes into force, and we have been getting a lot of queries about it from our members. To make things easier for them, we are developing a GDPR extension for Joomla sites: a centralized place for site users to view, edit and understand how their submitted data is processed by the site owners. Here is the preview; with your feedback, we will improve it as we move towards a stable release.
1. What is GDPR?
GDPR stands for General Data Protection Regulation; read more about it on the official site. In short, under GDPR a user should be asked for consent before his or her personal data is taken and should be able to view / edit the submitted data, while the site owner (controller/processor) needs to make sure the user data is protected and, if it is breached, inform the affected users as well as the concerned authorities in a timely manner. That's the gist of it. If you handle EU customers, this regulation applies to you too, even if your business is not based in the EU.
2. What does GDPR compliance require?
- Explicit Consent
- Access to information
Users should be able to view the information collected or submitted by them on your site.
- Edit / port their data
Give options to users to modify or remove their submitted personal information.
3. JA Joomla GDPR Extension:
To keep it simple, we are developing it on a core and add-ons principle. The core takes care of Joomla GDPR compliance, and with the add-ons (plugins) users can extend GDPR compliance to 3rd party extensions.
JA Joomla GDPR Extension Core Component main features:
A. Joomla Core -
- List user account / profile details: Name, username, password, email.
- Allow user to edit / update info (name, password, email and even usernames)
- Allow user to delete account.
B. Custom Section -
- To add relevant information the site users need to know. We are sure this will be different for each website, based on 3rd party services or data processing, so for now it's simple custom HTML.
- Email action for the admin to manually update / remove information collected from users but not stored on the site.
- List the data collection services from which data cannot be deleted because it is anonymous, for example Google Analytics, Mixpanel etc. We only list them and inform users that anonymous data was collected by these services and that no personal information was provided to these 3rd party services.
JA Joomla GDPR Addons / Plugins:
The list below is indicative; the release depends upon the feedback and requests from members.
- Social extensions: JomSocial, EasySocial, Community Builder
- iJoomla extensions: Guru, Ad Agency, Publisher
- Contact forms: Breezing Forms
- Newsletter extensions: AcyMailing
- Event extensions: JEvents, Event Booking
- Shopping carts: VirtueMart, J2Store
4. JA GDPR component sneak peek
4.1 Joomla core
4.2 Custom Section - Manual deletion request
If your site uses third-party services like Sendy, Facebook Messenger, Intercom ..., where you cannot track user info, you can create custom content asking users to request deletion manually.
4.3 3rd party extensions: Kunena, JomSocial and more to be supported
Some thoughts :
- The Joomla GDPR extension needs to be flexible in every sense, as the requirements will vary and users will probably want to customize each notice and text. We understand this and will keep it as flexible as possible.
- Consent part - This is best implemented in Joomla core (contact us / registration forms) and in the workflow of 3rd party extensions. There is still a good 1.5 months to go and we are hopeful that more and more extension developers will provide this consent support. You might want to view this new feature PR for the Joomla core.
- What to do with transactions? I am sure they might have user info but at the same time those are legal transactions and governed by multiple other laws that would want such info to be preserved for accounting, legal, taxes etc.
Feel free to comment, suggest features in the comment box below.