The GDPR privacy laws come into force next week on May 25!

If you're new to the GDPR, we've got some reading resources at the bottom of this post.

In this guide, I'm going to focus on how Joomla is dealing with the GDPR.

The Joomla team aim to release a new version of Joomla 3. Originally, they were focused on Joomla 4 and had no plans to add more features to Joomla 3. But, the GDPR changes are considered important enough that there will be a GDPR-focused release: Joomla 3.9.

What Joomla GDPR changes will you see?

The Joomla developers are doing an excellent job outlining their plans for 3.9. The Joomla team plan to provide three new GDPR-focused features:

  1. Tools to make it easier to submit and manage user requests. These will make it easier for users to submit information requests and to download their data. You can track discussion of these tools here.
  2. Features that enable site owners to gain the consent of the registered users. You can read discussion of the consent tracker here.
  3. An API for extension developers so they can report the data they collect. This info can be displayed in a new com_privacy extension. You can track discussion of com_privacy here.

Joomla GDPR Feature #1. Managing user requests

These features are already close to completion. You can already test these tools by downloading the latest version of Joomla's privacy framework. This is a normal copy of Joomla 3, but with the GDPR tools added.

Michael Babker, who's leading the 3.9 release, explained the user-facing part of the main Joomla GDPR com_privacy extension:

  • There's a new frontend for com_privacy so users can submit and confirm information requests. There will be new menu links to make this frontend visible to users.
  • Joomla will send an email to the user after they submit a request. Users will have to click a confirmation link.
  • Initially this feature will be restricted to authenticated users. This might change in the future. However, the GDPR is less important to anonymous visitors, and a form like this could also become a spam target.

And here's Michael's summary of the admin area of com_privacy:

  • There are new screens available via Components > Privacy. All requests sent from the frontend of the site will be stored here.
  • The administrator can move requests from Pending > Confirmed > Completed. There's also an "Invalid" option if users don't respond to the confirmation email.

Joomla GDPR Feature #2. Gaining user consent

The plan here is to port an existing plugin. This will add consent boxes when people send you data. For example, the image below shows a consent box on Joomla's contact forms.

To be honest, getting and tracking consent is a difficult problem and there's a lack of clarity around the law. Do you need to store this consent data for a fixed period of time? Does the consent expire after some time?

Joomla GDPR Feature #3. An API for extension developers

These features are the most difficult of all. Not only does Joomla need to build the platform to store data, but extension developers need to build their own integrations.

This discussion explains that the Joomla team are using a Google Summer of Code project that was created as a user activity tracker. Here is the plugin where we can choose which actions to track:

And this next image shows how the data may be stored in com_privacy:

Once this is done, it will be time to build the API for extension developers and encourage them to start reporting their data. This discussion kicks off the process of building the API. I've seen some ideas on how to encourage extension developers to integrate their code. One good idea is updating the JED to show which extensions support Joomla's privacy tools.

What can you do now?

As you can see, Joomla 3.9 won't be released in time for the arrival of the GDPR.

You will not run into legal problems if you're not compliant immediately. You may not ever run into legal problems if you're outside of Europe. But, this is a great opportunity for all of us to think more carefully about our customers' data.

The most important thing is to start the process of complying with the GDPR and show that you're taking it seriously. Some ideas:

  • Update your privacy policy to be clear about what data you collect and why you're doing it.
  • Add consent check-boxes if you're using contact forms.
  • Update your "Contact Us" page to allow people to reach you about privacy issues.
