Joomla User Management and GDPR

Relax and enjoy The Lounge. For all Non-Joomla! topics or ones that don't fit anywhere else. Normal forum rules apply.
User avatar
pe7er
Joomla! Master
Joomla! Master
Posts: 21958
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, The Netherlands
Contact:

Re: GDPR Compliance on Joomla contact form using Chronoforms

Post by pe7er » Sat May 05, 2018 2:06 pm

joknight wrote:I was wondering if will be required to place some form of GDPR compliance regulations into and onto my contact form that uses a forms component such as ChronoForms or form component.
Regarding the form itself:
  • Do you use the the principle Privacy by design?
    What information (personal data) do you ask for in your form?
    Only information that is needed to contact the person that uses the contact form?
  • Do you use the the principle Privacy by default (opt-in by default, not opt-out)?
    If you add options like "subscribe to newsletter", are the options unchecked by default (so they have to opt-in if they want to)
  • What do you do with the information? Send it to your own email address?
    Do you store it in your Joomla database? If you store it, how long will you keep it?
  • What do you do to protect the transport of information from the visitor to your server?
    Do you use TLS (previously SSL; the tiny lock in the address bar of your browser) to protect the communication from your visitor to your server?
Some general GDPR things to consider regarding your website:
  • Do you have a privacy statement on your website?
  • Do you describe what personal data you process (gather, user and store), how long you keep it, with whom you share it, etc?
  • Do you describe which Technical and Organisational Measures you take to protect that data?
Kind Regards,
Peter Martin, Global Moderator
https://db8.nl - Joomla specialist, Nijmegen, Nederland
Co-founder of data2.eu GDPR Tool https://data2.eu/en/gdpr-tool

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 35161
Joined: Sat Apr 05, 2008 9:58 pm

Re: Joomla User Management and GDPR

Post by Webdongle » Sat May 05, 2018 3:32 pm

Given none of the above but only the persons name and email are requested ... does the site owner need to display Privacy Policy when the visitor (obviously) knowing supplies their email address to receive a reply to their contact message?
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein

JJSJJS
Joomla! Intern
Joomla! Intern
Posts: 68
Joined: Wed Jun 11, 2014 7:33 pm

Re: GDPR Compliance on Joomla contact form using Chronoforms

Post by JJSJJS » Sat May 05, 2018 4:03 pm

joknight wrote:Hi there,
I was wondering if will be required to place some form of GDPR compliance regulations into and onto my contact form that uses a forms component such as ChronoForms or form component.

Thanks and very best to you,
J
That depends on what you are going to do with the data.
Is it single use and nothing is stored, then i don't think there is any issue.
But if you going to store it, then it has to be safely stored, perhaps even encrypted, in case of databreach.
Also if you plan on using this data to send emails or whatever out to the people who registered, then you need to get consent of them. And you need to explain what exactly you do with the data.

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 14685
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Joomla User Management and GDPR

Post by mandville » Sat May 05, 2018 4:24 pm

[Humour] to receive our latest newsletter and brochure ... send a stamped addressed envelope to.... [/Humour]
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

User avatar
abernyte
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3564
Joined: Fri May 15, 2009 2:01 pm
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड

Re: Joomla User Management and GDPR

Post by abernyte » Sat May 05, 2018 5:50 pm

Webdongle wrote:Given none of the above but only the persons name and email are requested ... does the site owner need to display Privacy Policy when the visitor (obviously) knowing supplies their email address to receive a reply to their contact message?
Possibly! The requirement for Privacy Notices actually arose in the DPA but has been extended by GDPR.

The relevant sections are Article 12, 13, 14 .

TLDR;
The controller shall take appropriate measures to provide any information referred to in Articles 13 and 14 and any communication under Articles 15 to 22 and 34 relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child. The information shall be provided in writing......
In the circumstances that you posit it could be argued either way.
It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so. Twain

User avatar
abernyte
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3564
Joined: Fri May 15, 2009 2:01 pm
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड

Re: GDPR Compliance on Joomla contact form using Chronoforms

Post by abernyte » Sat May 05, 2018 5:54 pm

That depends on what you are going to do with the data.
Is it single use and nothing is stored, then i don't think there is any issue.
This view is wrong. If you are collecting personal data you must comply with GDPR.
It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so. Twain

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 35161
Joined: Sat Apr 05, 2008 9:58 pm

Re: Joomla User Management and GDPR

Post by Webdongle » Sat May 05, 2018 7:56 pm

Registration with the ICO

If you handle personal data, you may need to register as a data controller with the Information Commissioner’s Office. Registration is a statutory requirement and every organisation that processes personal information must register with the ICO, unless they are exempt. Failure to register is a criminal offence.
https://ico.org.uk/for-organisations/business/

https://ico.org.uk/for-organisations/re ... ssessment/ will help with knowing if you need to register with the ICO. They have info on GDPR as well https://ico.org.uk/for-organisations/bu ... usinesses/ https://ico.org.uk/for-organisations/bu ... retailers/
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein

User avatar
GPixels
Joomla! Guru
Joomla! Guru
Posts: 769
Joined: Thu Aug 17, 2006 8:24 pm
Location: Canada

GDPR Core Support

Post by GPixels » Mon May 07, 2018 11:27 pm

I just read an article on the WPTavern website of what WordPress is implementing, which seems like a nice thing to do for users that own and manage a WP site. I am curious if Joomla core will do something like this:

https://wptavern.com/wordpress-4-9-6-be ... compliance

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 35161
Joined: Sat Apr 05, 2008 9:58 pm

Re: GDPR Core Support

Post by Webdongle » Tue May 08, 2018 8:49 am

GPixels wrote:.... I am curious if Joomla core will do something like this:
...
https://github.com/joomla/joomla-cms/issues/20281 not sure what features will be in it .
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein

mbabker
Joomla! Hero
Joomla! Hero
Posts: 2176
Joined: Sun Feb 28, 2010 8:26 pm

Re: Joomla User Management and GDPR

Post by mbabker » Tue May 08, 2018 12:30 pm

So long and thanks for all the fish.

Manually updating Joomla? See https://gist.github.com/mbabker/d7bfb4e ... 3607f89281

JJSJJS
Joomla! Intern
Joomla! Intern
Posts: 68
Joined: Wed Jun 11, 2014 7:33 pm

Re: Joomla User Management and GDPR

Post by JJSJJS » Tue May 08, 2018 5:19 pm

Very good news!
Thank you!

chrisvphogan
Joomla! Apprentice
Joomla! Apprentice
Posts: 9
Joined: Tue Jul 12, 2016 5:18 pm

Re: GDPR is there going to be a Joomla Update???

Post by chrisvphogan » Thu May 17, 2018 10:02 am

chrisvphogan wrote:Is there going to be a Joomla Update that covers sites in the EU?
mandville wrote: i personally dont see any reason or need for an update to joomla. you already have custom fields that can be used for the explicit consent on the registration. what more do you need?
Just getting back on to this GDPR situation and not surprised there's going to be a GDPR update...glad to see!

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 14685
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Joomla User Management and GDPR

Post by mandville » Thu May 17, 2018 3:38 pm

As I said. I personally don't see any need.
I have managed to gdpr several sites without core changes.
If 3.9 is not ready and released by next week is the wp29 process going on hold ?
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

mbabker
Joomla! Hero
Joomla! Hero
Posts: 2176
Joined: Sun Feb 28, 2010 8:26 pm

Re: Joomla User Management and GDPR

Post by mbabker » Thu May 17, 2018 3:57 pm

No, it's not going to be ready next week.

No, core doesn't NEED to do anything about providing these types of resources.

The intent here is to have one common way of handling it all throughout the ecosystem, with the same flexibility and extensibility that exists elsewhere. So instead of me as an extension vendor having to provide a solution that fits into the J!Extensions model, or the PixPro model, or the Akeeba model, or the RicheyWeb model, I provide one solution that works for all Joomla sites with the requisite version installed.

The end result is not going to be much different than what WordPress has done for its platform. It gives tools to make things easier for everyone, it's not a one-size-fits-all solution.
So long and thanks for all the fish.

Manually updating Joomla? See https://gist.github.com/mbabker/d7bfb4e ... 3607f89281

JJSJJS
Joomla! Intern
Joomla! Intern
Posts: 68
Joined: Wed Jun 11, 2014 7:33 pm

Re: Joomla User Management and GDPR

Post by JJSJJS » Sat Jul 14, 2018 8:35 am

Many many thanks for the effort you people put in to this!


Post Reply

Return to “The Lounge”