Hi all,
First, as always, a big thank you to the Joomla team, extension developers, heroes all-around. I, for one, never say this enough, so now is as good a time as any.
In relation to the GDPR thing, with the help of the Joomla web content management system, some great extensions, and of course making some changes, the solution I've put in place looks like it will meet the GDPR and is compatible with what I do.
For me, the "fix" is a combination of legal text changes and of course technical Joomla updates, as outlined below.
I've basically set the website up so that from now on, no one can contact me via the website without first registering, or send me an email directly.
I appreciate not everyone will want to force people to register on a website before they can use a contact form. It seems contrary to doing business. But I serve a relatively limited number of customers and clients so it works for me.
When someone chooses to register, they must first choose to accept my privacy policy and website terms of use document (these must be separate to meet the GDPR conditions).
So even registration isn't possible until a user accepts my privacy policy and website terms of use right from the outset (I prefer to deal with these hurdles early on). Additional terms are available for different services accessible only from deeper in the website.
Also, when someone registers, their details are recorded. If a user changes any of their details, those changes are also recorded, along with the IP address, what change was made, by whom, and the date and time of the change. With those records, on request, I can easily provide a PDF that shows all of the registration data and a log of the changes users or I made.
In addition, the following options become available after registering:
- (a) website users get access to my contact form (courtesy of those nice folks at RSJoomla.com, their RSForms!Pro, and their helpful blog article at:
https://www.rsjoomla.com/blog/view/433- ... rmpro.html).
- (b) Registering is separate from being able to use my contact form. For someone to actually use my contact form, they must first give express permission (click a check box) for me to collect their details through the contact form - otherwise, the user can't contact me that way. When users choose my check box called "I give InternetTIPS.com permission to collect my details through this form", that too of course gets recorded in the database (date, time, who, etc).
- (c) A submissions directory. When someone sends me a message via the contact form, that message and key details get put into the submissions directory. When a registered user logs in, they can see copies of all of the messages they have sent to me, and optionally download a copy of one or all of those messages, and / or delete one or all of those messages.
---
In addition, for any other data I may hold about someone, all they have to do is contact me and I'll delete any email messages in my inbox - providing they're not related to any purchases. For products and services purchased, naturally, I need to keep business records for about 7 years (6 years for those who are pedantic: I prefer to include a little more leeway).
The only key item not yet covered concerns deleting a Joomla registration account. Of course, I can just do this manually after checking whether the data is needed to be retained "for business accounts purposes". For me, that's the preferred route for now.
So while of course, Joomla account deletion can be built into Joomla itself, for me, it would not be wise to turn that functionality on even if it were available, especially if account deletion is instantly permanent. Why: naturally, you don't want to give users the option to delete their own accounts if doing so damages your business records for sales, etc. For that, we business or organisation owners should control that step.
The extensions I've used to cover the GDPR include:
- RSForms!Pro:
https://extensions.joomla.org/extension/rsform-pro/
- The GDPR Bundle from RicheyWeb.com (3 plugins):
https://www.richeyweb.com/software/joom ... dpr-bundle
---
All of the extensions I've used are also available for download from the Joomla.org "Download & Extend" section.
---
For the updated legal text, I've adapted text from:
https://simply-docs.co.uk/Business_Documents.
Of course, before or after May 25, 2018, the EU / ICO may still change or modify the GDPR requirements. I just hope it's not going to be another cookies-law type debacle (though I suspect we're already in that space).
Hope that helps.