Joomla User Management and GDPR

mandville
Joomla! Master
Posts: 14789
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Joomla User Management and GDPR

Post by mandville » Mon Jan 15, 2018 6:53 pm

As you are new here I will forgive you for:
  • not knowing that the PM system is not available to you yet.
  • proclaiming after one post you have a component that will (needlessly) check pre 518 consent requirements, and people must contact you in private to hear more.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

mfleeson
Joomla! Fledgling
Posts: 3
Joined: Wed Jul 21, 2010 8:18 am

Re: Joomla User Management and GDPR

Post by mfleeson » Mon Jan 15, 2018 7:02 pm

Hi Mandville
Sorry for not knowing the procedure, it's about four years since I was last active on the forums, for a while I helped with the documentation and I've been developing components since starting using Joomla in 2010. I wasn't aware that PM was not available and that's fine I just thought as it was a discussion that I was interested in that I would outline what I'd been working on but didn't want to write a three page essay on all of the website requirements that GDPR puts on us as website owners/developers. I'm happy to wait and just submit my code when it's fully tested.
Please can I ask for clarification tho, what do you mean by (needlessly) check pre 518 consent requirements?
Best Wishes
Mark

sozzled
Joomla! Exemplar
Posts: 7525
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia

Re: Joomla User Management and GDPR

Post by sozzled » Mon Jan 15, 2018 7:18 pm

Writing as someone who lives outside Europe, whose business does not involve people who live in Europe and whose webhosting provider and ISP are not based in the EU, while the GDPR provisions will, undoubtedly, affect webhosting providers, ISPs and site owners in the near future and while, it seems, the general thrust of the GDPR is aimed at protecting individual privacy, surely all websites should have a privacy policy that informs people, up front, of their rights before they register accounts?

In the same way as the so-called "cookie policy" was mandated at EU-based website owners (and, remembering that Joomla—a worldwide organisation—did nothing special to provide additional features in relation to that policy) the main responsibility for informing people of their rights lies with site owners and not with governments, webhosting companies, ISPs, open source software communities (e.g. Joomla, Wordpress and Drupal)—or even proprietary software companies that invest in this space —that are largely agnostic about what exists on the internet and who was actually responsible for putting it there in the first place.

While it might be nice for Joomla to invest some additional development effort in the GDPR space we also need to remember that, for the rest of the world, what one country (or a group of countries) mandates is not the world-wide view. To extend the argument (absurdly), imagine if the USA mandated that all websites had to use the date format mm/dd/yy or use the US system of weights and measures or, worse, include some notice like "the FBI monitors all website traffic to and from this website; please confirm your understanding of this advisory".

As I've written before in this topic, in the same manner as "the standard Joomla website" (meaning, the "standard" feature set within Joomla) is not all things to all people, neither, too, is the GDPR.
https://www.kuneze.com/blog
Former member of Kunena project team
If you think I’m wrong then say “I think you're wrong.” If you say “You’re wrong!”, how do you know?

sozzled
Joomla! Exemplar
Posts: 7525
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia

Re: Joomla User Management and GDPR

Post by sozzled » Mon Jan 15, 2018 9:01 pm

I would also like to make a couple of other comments in relation to this topic:

1) This topic has nothing to do with Joomla security: it has nothing to do with any inbuilt security features (or failings) within the current/latest release of J! 3.x. Therefore, this topic is, in my opinion, wrongly placed in the Security in Joomla! 3.x forum category. In my view, although this topic loosely touches upon Joomla, this is a political discussion that would be better located in The Lounge.

2) Apart from the discussions involving developers about whether or not to give this matter any weight in any upcoming future release(s) of Joomla, there's nothing in J! 3.x that addresses this matter. Joomla is an open-source project with people from all over the world who contribute to it; many of the features we see in Joomla are vigorously debated—opposed or endorsed by various members of the community who may have "vested"/"geopolitical" interests in it. There's a kind of liberal democracy to open-source development but this doesn't necessarily mean that certain interests (political, business or otherwise) necessarily receive priority treatment.

3) Although I, too, don't quite understand what @Mandville meant when she wrote something about
mandville wrote:... a component that will (needlessly) check pre 518 consent requirements ...
.. I agree that it's bad form to use a forum to solicit private contact outside the forum in a way that denies the open transparency of public discussion and debate. If people have something to contribute to a discussion that begins on a discussion forum then people should use the public forum to make those contributions for everyone's benefit—not for personal benefit (or profit).

mandville
Joomla! Master
Posts: 14789
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Joomla User Management and GDPR

Post by mandville » Mon Jan 15, 2018 11:12 pm

apart from the fact your users should already know what you do with their data, and allowing for any major reinterpretations in the law, pre May 2018 (0518)
consent is not retrospective: there is no requirement to obtain consent for existing practices pre 0518. so if they already know what you do with it, then you are not required to get them to consent but may be required to prove they were pre0518.
post 0518 you are required to be able to prove where/when/how you got consent and to what.

the easiest ways to do this are:
not to allow any users to register and have the standard "we collect cookies, ip address " blurb to site visitors.
or as I am starting to do on 2 of my charity sites, on user logout they are presented via logout redirect the GDPR page.
Then come 0518, one of those charities has asked for all people logging in to be redirected to the profile page, which will then have a user field with consent/agreement tick boxes that must be completed, or they can tick to say they no longer wish to have their details on the site, and want to be removed. they will then receive a notice stating they should "remove all cookies, cache and bookmarks to the site...if they wish to visit again it will be under the new consent".
and guess what, it's free - well maybe a little cost for the initial writing and setting the redirects but cheap option and already available.

as sozzled says, joomla gives you the tools, it's up to you if you hang a picture or open a tin of paint.

mfleeson
Joomla! Fledgling
Posts: 3
Joined: Wed Jul 21, 2010 8:18 am

Re: Joomla User Management and GDPR

Post by mfleeson » Tue Jan 16, 2018 12:12 am

mandville wrote:apart from the fact your users should already know what you do with their data, and allowing for any major reinterpretations in the law, pre May 2018 (0518)
consent is not retrospective: there is no requirement to obtain consent for existing practices pre 0518
I used the ICO's summary of GDPR Consent https://ico.org.uk/media/about-the-ico/ ... 201703.pdf as part of the research for our company.
Specifically section 'Can we carry on using existing DPA consents'

it says 'You are not required to automatically ‘repaper’ or refresh all existing DPA consents in preparation for the GDPR. But it’s important to check your processes and records in detail to be sure existing consents meet the GDPR standard.'
And the GDPR standard says you have to have a specific yes/no consent as part of your registration and document that. We use Joomla as the user registration system for supplying products via ecommerce and products via subscriptions. As the Joomla registration does not have a specific yes/no consent option I am worried that if we were approached to prove consent for the pre 0518 registrations they would argue that it would not comply with GDPR even though it does comply with DPA. This is my concern and one my directors having taken legal advice are worried about. Hence adding a facility that pops up and asks for consent via a checkbox.

That's where we're coming from having read the EU documents and the ICO ones. This was the only discussion of joomla and GDPR that google and forum search found for me so my apologies for this being added to a Security discussion.

Mark

sozzled
Joomla! Exemplar
Posts: 7525
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia

Re: Joomla User Management and GDPR

Post by sozzled » Tue Jan 16, 2018 12:21 am

mfleeson wrote:This was the only discussion of joomla and GDPR that google and forum search found for me ...
Perhaps that's all that Google found in response to your query but I've also mentioned another reference to discussions among the team of developers earlier in this topic.
mfleeson wrote:My apologies for this being added to a Security discussion.
I've asked the forum moderators to relocate the topic in a more appropriate forum category to avoid further confusion. 8)

abernyte
Joomla! Virtuoso
Posts: 3646
Joined: Fri May 15, 2009 2:01 pm
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड

Re: Joomla User Management and GDPR

Post by abernyte » Tue Jan 16, 2018 9:04 am

@sozzled
imagine if the USA mandated that all websites had to use the date format mm/dd/yy or use the US system of weights and measures or, worse, include some notice like "the FBI monitors all website traffic to and from this website; please confirm your understanding of this advisory"
While there is little in either of these posts with which I disagree the suggestion that Open Source Inc., incorporated in the USA, would not stand on its head whistling dixie to comply with your given scenario is risible.
It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so. Twain

Webdongle
Joomla! Master
Posts: 37261
Joined: Sat Apr 05, 2008 9:58 pm

Re: Joomla User Management and GDPR

Post by Webdongle » Tue Jan 16, 2018 10:47 am

http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein

bins_uk
Joomla! Intern
Posts: 63
Joined: Tue Sep 04, 2007 11:53 am

Joomla & GDPR

Post by bins_uk » Mon Mar 05, 2018 11:51 am

There are a couple posts on here about GDPR, but I have seen this article on how WP is looking at things:
[ redacted ]

How are the J! team looking at this?
Last edited by imanickam on Fri Mar 23, 2018 5:24 am, edited 3 times in total.
Reason: mod (toivo) note: URL redacted. Merged the topic with the topic f=48&t=957357.

imanickam
Joomla! Master
Posts: 27193
Joined: Wed Aug 13, 2008 2:57 am
Location: Chennai, India

Re: Joomla & GDPR

Post by imanickam » Mon Mar 05, 2018 12:59 pm

The Compliance Team (https://volunteers.joomla.org/teams/compliance-team) is looking into GDPR. One can get the meeting notes in the tab Reports of the URL referenced.
Ilagnayeru (MIG) Manickam | இளஞாயிறு மாணிக்கம்
Joomla! - Global Moderators Team | Translations Coordination Team | Tamil (தமிழ்) Translation Team

Eegan - Support the poor and underprivileged

bins_uk
Joomla! Intern
Posts: 63
Joined: Tue Sep 04, 2007 11:53 am

Re: Joomla & GDPR

Post by bins_uk » Mon Mar 05, 2018 1:18 pm

Excellent - thanks for the pointer

Ch1vpH
Joomla! Apprentice
Posts: 22
Joined: Tue Jul 12, 2016 5:18 pm

GDPR is there going to be a Joomla Update???

Post by Ch1vpH » Thu Mar 22, 2018 4:52 pm

Hi All,

I've been looking a lot at the new GDPR coming in to play soon, but I cannot find out if there is going to be a Joomla Update that covers sites in the EU?

I'm basically running a Virtuemart Shop (which uses the 'Joomla User Management Area') as well as an Acymailing setup for my newsletter...but cannot see anything much on the VM website or forums either - but I will ask the same question in their forum in a moment.

Any simple advice is welcome, as there are a lot of overwhelming sites on the GDPR rules and not too much on what's going to happen with Joomla and the GDPR.


Thanks,
Chris H.
Last edited by toivo on Thu Mar 22, 2018 5:47 pm, edited 1 time in total.
Reason: mod note: merged with similar topic

sozzled
Joomla! Exemplar
Posts: 7525
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia

Re: Joomla & GDPR

Post by sozzled » Thu Mar 22, 2018 5:57 pm

See also more discussion at viewtopic.php?f=48&t=957357

mandville
Joomla! Master
Posts: 14789
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: GDPR is there going to be a Joomla Update???

Post by mandville » Thu Mar 22, 2018 7:49 pm

chrisvphogan wrote:going to be a Joomla Update that covers sites in the EU?
I personally don't see any reason or need for an update to joomla. you already have custom fields that can be used for the explicit consent on the registration. what more do you need?
I basically running a Virtuemart Shop
who should make sure their extension is GDPR compliant
Acymailing setup for my newsletter
who should make sure their extension is GDPR compliant eg by adding a consent field in the sign up
Any simple advise is welcome,
the advice I give and gave recently is "GDPR is already in effect, it is legislation in the UK, it is the 25th May that people must be compliant by or face big trouble."
the joomla magazine are running a series of articles on the GDPR.
here's some silly questions for you to also ponder,
who processes your email for your site?
where do you host your site?

cyskye
Joomla! Fledgling
Posts: 4
Joined: Mon Mar 31, 2014 1:00 pm

Re: Joomla User Management and GDPR

Post by cyskye » Mon Mar 26, 2018 11:29 am

Hi, I'm using custom fields for joomla registration form, but my problem is that also if they accept privacy field (for example) there's no trace of that acceptance in the registration mail, so it could be difficult to demonstrate the acceptance in a simple way.

mandville
Joomla! Master
Posts: 14789
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Joomla User Management and GDPR

Post by mandville » Mon Mar 26, 2018 12:07 pm

cyskye wrote: there's no trace of that acceptance in the registration mail, so it could be difficult to demonstrate the acceptance .
The acceptance of the custom fields shows on the profile.
So if you implement that the fact they registered shows the time and date is a good enough log.

porscha
Joomla! Apprentice
Posts: 7
Joined: Tue Jul 18, 2017 8:14 am

Re: Joomla User Management and GDPR

Post by porscha » Wed Mar 28, 2018 11:31 am

Hi everyone! I read many things here on the forum, but did not see anything about checkbox for giving a consent when people contact you through the contact form. The core Joomla contact form does not have such an option to have an opt-in checkbox where you have to put a link to your privacy policy, but this option has to be there according to the requirements of GDPR. This checkbox is not only mandatory for registration, but in simple contact form too :) Have you ever thought of something in that direction?

mandville
Joomla! Master
Posts: 14789
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Joomla User Management and GDPR

Post by mandville » Wed Mar 28, 2018 11:38 am

do you mean something like https://docs.joomla.org/J3.x:Adding_custom_fields
For custom fields in a contact

Click Components → Contact
Click Fields in the menu on the left side
Click the button New in tool bar on the top

For custom fields to show in a contact - form

Click Components → Contact
Click Fields in the menu on the left side
Select from the first select box "Mail"
Click the button New in tool bar on the top

cyskye
Joomla! Fledgling
Posts: 4
Joined: Mon Mar 31, 2014 1:00 pm

Re: Joomla User Management and GDPR

Post by cyskye » Wed Mar 28, 2018 1:35 pm

mandville wrote:
cyskye wrote: there's no trace of that acceptance in the registration mail, so it could be difficult to demonstrate the acceptance .
The acceptance of the custom fields shows on the profile.
So if you implement that the fact they registered shows the time and date is a good enough log.
Yes I know but, as Administrator, I could change their fields from backend, so it's not a proof. What I'm trying to understand is if there is any way to send a copy of the filled fields in the subscription mail sent both to admin and new user.
For example, when I put custom fields into contact form, those fields are sent to me (recipient) and if the user asks for a copy he also receives them in his email copy.
I would do the same thing with registration, that is: add the filled custom fields to the copy sent to the registrant, but the only variables sent in the registration email are, for example, these:

Code:

// Values substituted into the registration e-mail language string
$emailBody = JText::sprintf(
	'COM_USERS_EMAIL_REGISTERED_WITH_ADMIN_ACTIVATION_BODY_NOPW',
	$data['name'],
	$data['sitename'],
	$data['activate'],
	$data['siteurl'],
	$data['username']
);
Can you help me to understand how to override this email so that new user receives also forms filled?

If I can do so, then it can be enough to demonstrate date, time and what they accepted. It could be a solution for many people, I think.

Thank you in advance
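
The concern raised in the post above, that a consent value an administrator can edit in the backend is weak evidence, is the usual case for a tamper-evident record. As an added example (not part of the thread and not Joomla code; every function name, field name and the key handling are assumptions), this PHP script seals each consent record with an HMAC chained to the previous record and renders a receipt that could be appended to the registration e-mail:

```php
<?php
// Added illustration; not Joomla core code. Function and field names are hypothetical.

// Sentinel "previous MAC" for the first record in the log.
const GENESIS = '0000000000000000000000000000000000000000000000000000000000000000';

/**
 * Build one consent record and seal it with an HMAC that also covers the
 * previous record's MAC, so edits, deletions and reordering become detectable.
 */
function consent_record(array $user, array $fields, string $policyText,
                        string $prevMac, string $key, int $when): array
{
    ksort($fields); // stable field order gives a stable serialisation
    $record = [
        'user_id'       => (int) $user['id'],
        'username'      => (string) $user['username'],
        'accepted_at'   => gmdate('Y-m-d\TH:i:s\Z', $when),
        'policy_sha256' => hash('sha256', $policyText), // which policy text was shown
        'fields'        => $fields,                     // what was ticked
        'prev'          => $prevMac,
    ];
    $record['mac'] = hash_hmac('sha256', json_encode($record), $key);
    return $record;
}

/** Plain-text receipt suitable for appending to the registration e-mail body. */
function consent_receipt(array $record): string
{
    $lines = [
        'Consent receipt',
        'Username: ' . $record['username'],
        'Accepted at (UTC): ' . $record['accepted_at'],
        'Policy SHA-256: ' . $record['policy_sha256'],
    ];
    foreach ($record['fields'] as $name => $value) {
        $lines[] = $name . ': ' . (is_bool($value) ? ($value ? 'yes' : 'no') : $value);
    }
    $lines[] = 'Receipt ID: ' . $record['mac'];
    return implode("\n", $lines);
}

/** Return the index of the first record that fails verification, or -1 if all pass. */
function consent_verify(array $records, string $key): int
{
    $prev = GENESIS;
    foreach (array_values($records) as $i => $r) {
        $mac = (string) ($r['mac'] ?? '');
        unset($r['mac']); // recompute over exactly the fields that were sealed
        $expected = hash_hmac('sha256', json_encode($r), $key);
        if (($r['prev'] ?? null) !== $prev || !hash_equals($expected, $mac)) {
            return $i;
        }
        $prev = $mac;
    }
    return -1;
}

// --- Constructed sample data ---
$key    = 'demo-key-kept-outside-the-cms-database'; // assumption: not readable by backend admins
$policy = 'Privacy policy v1 (constructed text)';
$t0     = gmmktime(12, 0, 0, 3, 28, 2018);

$log   = [];
$log[] = consent_record(['id' => 101, 'username' => 'alice'],
    ['privacy_accepted' => true, 'newsletter' => false], $policy, GENESIS, $key, $t0);
$log[] = consent_record(['id' => 102, 'username' => 'bob'],
    ['privacy_accepted' => true, 'newsletter' => true], $policy, $log[0]['mac'], $key, $t0 + 60);

echo consent_receipt($log[0]), "\n\n";
echo 'untouched log: ', consent_verify($log, $key), "\n";

// Simulate a backend edit of a stored consent value.
$log[0]['fields']['newsletter'] = true;
echo 'after edit:    ', consent_verify($log, $key), "\n";
```

Because the registrant receives the receipt ID by e-mail, a later change to the stored record no longer matches the copy they hold.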

mandville
Joomla! Master
Posts: 14789
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Joomla User Management and GDPR

Post by mandville » Wed Mar 28, 2018 1:59 pm

That is totally different to the question you asked. I suggest you start a separate topic on how to include custom field responses in contacters/registration email.

porscha
Joomla! Apprentice
Posts: 7
Joined: Tue Jul 18, 2017 8:14 am

Re: Joomla User Management and GDPR

Post by porscha » Wed Mar 28, 2018 5:20 pm

mandville wrote:do you mean something like https://docs.joomla.org/J3.x:Adding_custom_fields
For custom fields in a contact

Click Components → Contact
Click Fields in the menu on the left side
Click the button New in tool bar on the top

For custom fields to show in a contact - form

Click Components → Contact
Click Fields in the menu on the left side
Select from the first select box "Mail"
Click the button New in tool bar on the top
Yes, mandville, this is a very good option for doing a checkbox. Hope this will be enough for GDPR in terms of Contact forms.

Webdongle
Joomla! Master
Posts: 37261
Joined: Sat Apr 05, 2008 9:58 pm

Re: Joomla & GDPR

Post by Webdongle » Sun Apr 01, 2018 9:42 am

imanickam wrote:The Compliance Team (https://volunteers.joomla.org/teams/compliance-team) is looking into GDPR. One can get the meeting notes in the tab Reports of the URL referenced.
Is that more to do with Joomla.org rather than Joomla itself ? Nothing much appears to be happening with Joomla in that direction.

Webdongle
Joomla! Master
Posts: 37261
Joined: Sat Apr 05, 2008 9:58 pm

Re: Joomla User Management and GDPR

Post by Webdongle » Sun Apr 01, 2018 9:56 am

mandville wrote:...
The acceptance of the custom fields shows on the profile.
So if you implement that the fact they registered shows the time and date is a good enough log.
Is it really good enough for the GDPR ? When the Policy is changed then registered users need to be notified http://www.privacy-regulation.eu/en/art ... g-GDPR.htm

Also methinks the Policy needs to be displayed not just have a tickbox to say they have read it.

Users should be able to delete their personal data. There is a plugin that was tested for this but there is confusion to:
  1. If they should be able to delete their posts as well
  2. If so then how to handle the Article that has no user assigned to it
In short sweet fa is being done in Joomla core so Joomla users can comply to the new regulations.

imanickam
Joomla! Master
Posts: 27193
Joined: Wed Aug 13, 2008 2:57 am
Location: Chennai, India

Re: Joomla User Management and GDPR

Post by imanickam » Sun Apr 01, 2018 5:09 pm

Webdongle wrote:Is that more to do with Joomla.org rather than Joomla itself ? Nothing much appears to be happening with Joomla in that direction.
True. The answer was provided to the question asked by the user bins_uk. However, there is a mention about how it would be handled by modifying core Joomla!, which may be key to implementing the GDPR solution.

A detailed discussion of GDPR implementation in core Joomla! is taking place in the issue created on GitHub by michele654 - https://github.com/joomla/joomla-cms/issues/19078

Another parallel discussion of GDPR is taking place in the issue created by tonypartridge - https://github.com/joomla/joomla-cms/issues/18160

Webdongle
Joomla! Master
Posts: 37261
Joined: Sat Apr 05, 2008 9:58 pm

Re: Joomla User Management and GDPR

Post by Webdongle » Mon Apr 02, 2018 8:57 am

Yep a patch has been created for that https://issues.joomla.org/tracker/joomla-cms/19023

pe7er
Joomla! Master
Posts: 22200
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, The Netherlands

Re: Joomla User Management and GDPR

Post by pe7er » Mon Apr 02, 2018 9:00 am

mfleeson wrote:I've been looking into applying GDPR restrictions across our websites and the biggest issue I think Joomla site managers will have is proving active consent.
You could just use Joomla's default registration process with added "I agree to the Terms of Service" checkbox.
And change in the language file for the notification email that if the user agrees with the Terms of Service, they can click the activation link to acknowledge their registration + the TOS.
Kind Regards,
Peter Martin, Global Moderator
https://db8.nl - Joomla specialist, Nijmegen, Nederland
Co-developer of d2 Content https://data2site.com/joomla-extensions/d2-content

porscha
Joomla! Apprentice
Posts: 7
Joined: Tue Jul 18, 2017 8:14 am

Re: Joomla User Management and GDPR

Post by porscha » Mon Apr 02, 2018 9:12 am

Hi everyone!
I am returning to contact form checkbox case, because I am facing one problem. In custom fields, if I make a custom field with checkbox type for giving the users right to agree with the storage and handling of their data, in order to send email, I want to place Privacy policy link into checkbox Values Text. In Joomla 3.8.3 this was possible, but after I updated to J 3.8.6 the HTML code gets stripped in Checkbox Values Text. This is not very useful, because some people may want to have HTML code in checkbox, not only in text or editor field type, where you can set your Filter to Raw.

pe7er
Joomla! Master
Posts: 22200
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, The Netherlands

Re: GDPR is there going to be a Joomla Update???

Post by pe7er » Mon Apr 02, 2018 9:22 am

chrisvphogan wrote:I basically running a Virtuemart Shop (which uses the 'Joomla User Management Area' as well as a Acymailing setup for my newsletter...but cannot see anything much on the VM website or forums either - but I will ask the same question in there forum in a moment.
In short:
Create a Processing Index (make an inventory) of all the processes in your company where you ask/store personal data:
  • who is the controller (= responsible person)
  • what is the purpose of the data processing
  • what is the legal justification (e.g. legal obligation, fulfilment of contract, consent)
  • what data categories (customers, interested people) do you have?
  • what categories of personal data (name, address, email, IP address) do you store?
  • what categories of recipients (hosting company, cloud storage, accounting SaaS, external accountant) of people/organisations that have access to the data
  • how long do you store the data? (what's the deleting deadline)
    e.g. in some countries you should keep invoices for 6 or 7 years.
  • what technical and organisational security measures do you take? (backups, encryption (e.g. https://), access control)
Make sure that you are transparent about all of the above. Make sure you have a good privacy statement.

Some tips for a website that uses Virtuemart + Acymailing:
  • make sure that the connection between your customer and your site is encrypted (enable https:// )
  • configure Acymailing so that the newsletter subscription is activated via the activation link in the email.
  • make it easy to unsubscribe (have an "unsubscribe link" at the bottom of every newsletter)
  • configure "Safe path" folder where VirtueMart stores invoices and downloadable files and put it outside the public webroot.
  • only ask for information that you directly need. If you only sell your products to adults, do not ask for a birth date but just ask if they are adults (or above a certain age)

mandville
Joomla! Master
Posts: 14789
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Joomla User Management and GDPR

Post by mandville » Mon Apr 02, 2018 9:28 am

I don't think that plugin suggested at joomla-cms/19023 would work fully as a user can say they only want some of their data processing restricted. the plugin seems to be delete everything.

on the question of how to ask for consent, I viewed some of the gdpr advice sites and found a lot aren't even "ready". remember it's already law, the "enforcement" is from 25th May. most of the sites are logically for business, a few are for the public. enclosed form comparison images

other sites are still in issue - phpbb, other forums and ticket systems are still ongoing on what to do.
Basically the logical 2 options for the little guy is either not to accept registrations or don't have the website on the net.

