Support

  1. hdoeve
  2. General
  3. Monday, April 16 2018, 09:31 PM
  4.  Subscribe via email
Are you preparing something to support GDPR compliance?.

(GDPR stands for General Data Protection Regulation, read more about it on the official site https://www.eugdpr.org/)

Something of your own or integration with other party extensions (Joomlart, J!Extensions, etc.).
admin Accepted Answer
Admin
Hi,
sorry for late reply, it was night for us.

About GDPR, this is not something that regards our products. We offer a instrument that allow you to expand Joomla registration form by adding custom fields, it allow also to share informations about users (Users List).

Of course "what information to ask" and/or "what information to share" in the lists is something we are not responsible for, but in accordance with "the data you want to collect", "the use you want to make" and the "the storage where you want to put" (for example server location) then this is a prerogative of your company that will have to comply with the new GDPR guidelines.

We are preparing something? Nope, this is not something that regards only Joomla, Extensions or Websites, this is something that regards your company. Something about GDPR practices:
- Protect customers' personal data from unauthorized access (Breach)
- Instruct all employees on the new legislation
- Adopt an appropriate governance and data protection policy proportional to the risk in the case of Breach
- Introduce the figure of the DPO (Data Protection Officer)
- Provide technological tools necessary to monitor and prevent cyber attacks
There things are not something that you can do with a simple Joomla tool.
  1. more than a month ago
  2. General
  3. # 1
hdoeve Accepted Answer
Pro
Thanks for your response, but the new GDPR (effective next month) is not just about what to ask or share. It also requires the website owner to provide one click methods to:
- show a single list containing all information related to the user that is stored by the website (e.g. accounts, webshop/forum/comments/profile/tracking/what-ever)
- edit or delete that information
- delete account and all user related information.

In order to provide those one click / single list functions others a preparing or all ready offering extensions, including hooks for other parties (like you) to be included in these one click /single list functions.

Please check the mentioned parties as an example and note that Virtuemart, J2Store, Kunena, JomSocial and others are allready joining the bandwagon.
  1. more than a month ago
  2. General
  3. # 2
admin Accepted Answer
Admin
Hi,
Sorry but I've never heard of "one click" actions about GDPR.

Anyway Easy Profile extends Joomla user management (not replace) so show/edit/delete informations are functions inherited by Joomla.
  1. more than a month ago
  2. General
  3. # 3
onderzoekspraktijk Accepted Answer
Pro
You are both right and actions on both areas are necessary.

On the "one click area" two discussions on Github seem relevant:

There is a recent discussion about the more general implications of GDPR for joomla sites: make the core compliant and set a standard for 3rd party extension developers.
You can find it here:
https://issues.joomla.org/tracker/joomla-cms/20140

Also there is a privacy policy plugin in the making that realises some changes to get Joomla more GDPR compliant.
You can find it here:
https://issues.joomla.org/tracker/joomla-cms/20051

Its described purpose is:
" (....) This plugin will enable site owners to comply with many of the aims of the GDPR - by gaining the consent of their users to store personal information.

It does not do any form of deletion - that is far too complex an issue for any single plugin to achieve and the rules on deletion are not universal due to individual state laws on data retention for tax and legal purposes.

When enabled the plugin adds a new required field (Privacy Policy) to the user registration form. This field can optionally have a link to the full privacy article on the site AND this can be associated with the privacy article in other languages.

In addition a Short Summary of the Privacy policy is displayed on the form and if not created in the config a default will be used. (not implemented yet). This satisfies another GDPR requirement

When a user registers they cannot complete the registration unless they agree to the privacy policy. This field is set to No by default and cannot be changed. This satisfies another GDPR requirement

When they register a note is created in the user_notes table to show when they gave consent - this satisfies another GDPR requirement.

Any existing user who tries to login will be redirected to the edit profile page so that they can consent before continuing. The message displayed on redirect can be customised in the options or a default will be used.

The consent field does not appear in the admin user screens as you cannot consent for anyone else. This satisfies another GDPR requirement. But it does appear on your own profile page.

Finally a post installation message has been included."
https://issues.joomla.org/tracker/joomla-cms/20051https://issues.joomla.org/tracker/joomla-cms/20051";

Both interesting developments, and surely relevant for easyprofile users and its developer.

Best regards,
Paul
  1. more than a month ago
  2. General
  3. # 4
hdoeve Accepted Answer
Pro
Here's an example of what Joomla webdesigners will / might need: https://pixpro.net/labs/extensions/pixgdpr#features

And this is the functionality they are offering:

End user self-service
- With PixGDPR, your users will have access to the following services when logged in to your website:
- Requesting an instant Forget me! via the click of a button
- Download a sheet containing all their user related data, generated on the fly

I'am also looking at:
- https://www.joomlart.com/blog/joomla-extensions/ja-joomla-gdpr-extension-alpha-released
- https://storejextensions.org/extensions/gdpr.html

The reason I want you to look at them and hook-in is my extensive use of Easy Profile customfields on three sites and one upcoming.
  1. more than a month ago
  2. General
  3. # 5
darkolive Accepted Answer
Basic
I agree here.

I have used https://www.iubenda.com/en

for dealing with privacy laws, but a delete me and data info download are essential
  1. more than a month ago
  2. General
  3. # 6
darkolive Accepted Answer
Basic
https://pixpro.net/labs/extensions/pixgdpr#features looks most promising so far if they had clear documentation for implementing 3rd party plugins
  1. more than a month ago
  2. General
  3. # 7
admin Accepted Answer
Admin
Hi,
from what I understood the applications of the new GDPR for websites could be the following:
1) Adjustment of the Privacy Policy
2) Delete Stored Information
3) Retrieve Stored Information for owner

Adjustment of the Privacy Policy
This is required and Easy Profile already allow to add Terms and Conditions (like this site)

Delete Stored Information
This is not required to be a automatic process. Now we are waiting for some Joomla news (this should be something that Joomla should manage). If Joomla does not add something like this then we will implement this feature in the mid of May.

NOTE: When you delete and account all Easy Profile's user information will be deleted as well, this happen because Joomla have a own trigger called "onUserAfterDelete".

Retrieve Stored Information for owner's data
This is not required to be a automatic process and this is not possible to manage with All-in-one solution, because Joomla is a CMS and each Component store informations with his way.
The right way to accomplish this is that Joomla add this function and add a trigger that allow to all developers to add component's information to export.

We are open to your every thought, so feel free to answer :D
  1. more than a month ago
  2. General
  3. # 8
hdoeve Accepted Answer
Pro
GDPR also requires:
4) List all kinds/types of information that is stored
5) List stored information
6) Edit stored information.

Offcourse this can be done in various ways and is allready supported by most applications like yours, but/however

for user convenience (also an implication of the GDPR) these functions need to be offered in a 'centralized' way, that is in one place, with one clear and simple interface.

Joomlart, Pixpro, J!Extensions and others are developping just that, a centralized/uniformn way of doing things and they provide an API for integrating other parties (like Easy-Profile) to be integrated.

Maybe we should stop the discussion about what GPDR is or means, and just focus on Easy-Profile to develop plugins using those API's.

The plugin should allow Joomlart, Pixpro, J!Extensions and others to include and deal with Easy-Profile profiles, with/without Joomla core fields.
  1. more than a month ago
  2. General
  3. # 9
darkolive Accepted Answer
Basic
Agreed...

Pixpro looks best of bunch to me and ok at $10, but THEY need to provide clearer documentation as how to write the plugin as Easy Profile does, so that the implementation is seen and openly discussed?

At least that way WE can take action for ourselves without having to wait for core team dev
  1. more than a month ago
  2. General
  3. # 10
hdoeve Accepted Answer
Pro
... any new thoughts ???
  1. more than a month ago
  2. General
  3. # 11
admin Accepted Answer
Admin
Hi,
GDPR also requires:
4) List all kinds/types of information that is stored
5) List stored information
6) Edit stored information.

4) This is something that you need to explain in your privacy policy

5) 6) This is something that you already do in Edit Profile page.

for user convenience (also an implication of the GDPR) these functions need to be offered in a 'centralized' way
Easy Profile extends Joomla user management (not replace), Registration and Edit Profile pages are the same of Joomla and managed with Joomla built-in com_users component, Easy Profile custom fields and features like tabs are added with some Javascript trick and Joomla user plugins, but mainly all features are managed by Joomla core component.
Basically when you use Easy Profile to register/edit and account then you are using Joomla default pages to do this. With this way all Joomla users plugin are also compatible with Easy Profile.
I think this is the most important feature of Easy Profile.

We does not need to create a centralized way to make this, because Joomla already offer it. No make a sense that we develop a Joomla user plugin for each component, because this is something that component developer should make (of course a user plugin will works with or without Easy Profile).

From my point of view, you should not use directly Easy Profile to centralize informations; The best and unified way to make this is to use Joomla (and it will works also with Easy Profile).
  1. more than a month ago
  2. General
  3. # 12
hdoeve Accepted Answer
Pro
An example,

A Joomla community site build using, Kunena, Easy-Profile, jEvents, jComments, AcyMailings, and J2Store.

GDPR requirements:
- one single forget-me button
- one single list with all user related data (forum-items and reactions, profile fields, enrolled events and comments, assigned mailinglist, shopping-basket, favoured items, etc. etc.

Yes, Joomla has to do something (and is working on that), but the extention suppliers have to do something.

I hope what you is right: if Joomla solves this for standard user/account-info, it will automatically work for all Easy-Profile customfields.

I'll setup a test if I can find the time.

Regards,

Hans Doeve
  1. more than a month ago
  2. General
  3. # 13
darkolive Accepted Answer
Basic
Folks
I am using the Pixpro plugin and it works as should for Easyprofile. When you download user data it shows all fields that Easyprofile creates, so there is no need for the developer to do anything as already stated.

The right to be forgotten will delete or scramble encrypt user info again without Easyprofile changing anything.

The issue of other components compliance is not for Easyprofile to resolve. The plugin enables this, but that is for component developer to write / apply.

I hope this answers issue as clearly as can be. I am nothing to do with Easyprofile, but like you as user, want a good solution.

The other important aspect of the GDPR is your privacy policy and cookie statement, which must be relevant and transparent. I found best solution using a site Iubenda, which automatically creates and updates this according to any laws that apply. It only costs $27 a year, which for peace of mind ain't a lot.

You can get 10% off using this referral link : http://iubenda.refr.cc/2L9T8VB
  1. more than a month ago
  2. General
  3. # 14
admin Accepted Answer
Admin
A Joomla community site build using, Kunena, Easy-Profile, jEvents, jComments, AcyMailings, and J2Store.

My question...If you build a Joomla community site using, Kunena, jEvents, jComments, AcyMailings, and J2Store?
We use Joomla so the centralized way should be Joomla.
A possibility is to use Joomla Users Plugins (like for example your previous link https://issues.joomla.org/tracker/joomla-cms/20051 , you can find that plugin at /plugins/user/privacyconsent/privacyconsent.php), but we can't do something that each developer need to do.

For some component we have integration and some other component is already well integrated in Joomla:
for example:
Kunena - It include a plugin that allow you to use Easy Profile profiles (so Joomla edit profile page), we also offer a free plugin that allow you to see all Kunena things (Topics, Favourites,..)
Acymailing - It already allow you to add custom fields and subscription status in Joomla Registration and edit profile pages (so also in Easy Profile).

GDPR requirements:
- one single forget-me button
- one single list with all user related data (forum-items and reactions, profile fields, enrolled events and comments, assigned mailinglist, shopping-basket, favoured items, etc. etc.
These are not requirements. These are automatically ways to met some GDPR requirement. For example in your privacy policy you can write something like "To obtain or remove your informations please contact us at your-email@domain.com" (I think)

About "one single forget-me button", this is a simple very simple thing and as I wrote in my previous reply we will add this feature if Joomla will not implement (or will release some information about soon implementation) this feature until mid May.
  1. more than a month ago
  2. General
  3. # 15
hdoeve Accepted Answer
Pro
That's good news.

I'll than test the Joomlart extension (Still beta however)
  1. more than a month ago
  2. General
  3. # 16
admin Accepted Answer
Admin
Hi,
Joomla 3.9 will be compliant with GDPR, but I don't know when it will be released :(

For now we have prepared a plugin that add "Delete Account" tab in edit profile page.

How it works
It allow a tab in Edit Profile page called "Delete Account", this tab is not available for Super Admin users. Basically it Delete/Block an account in according with plugin configuration.
After user delete/block own account all admins receive an email.

How to install it
- Download and install it
- Configure the plugin from Extensions->Plugins, it is called "Easy Profile - Delete Account"
- Configuration is very simple you can only choose which action perform: Block or Delete
- Enable the plugin from Extensions->Plugins


NOTE: We recommend to test it in dev site.

Please if you use this plugin then leave here a feedback ;)
Attachments (1)
  1. more than a month ago
  2. General
  3. # 17
dolmenhir Accepted Answer
Pro
Hi all,

I'm also interested by the GDPR functions.

Note that the GDPR rules allow user to export his personal datas.
This functionality is called "Right of Datas Portability".

It should be great to allow user to export his own datas by adding a button-link on his profil page.
  1. more than a month ago
  2. General
  3. # 18
admin Accepted Answer
Admin
Hi dolmenhir,
unfortunately is not possible for us to centralize all informations from all components, Joomla has thousands of components/plugins/modules that collect informations.

The best way would be for Joomla to do this. This will be something that will be implemented in Joomla 3.9 (see article at https://www.joomla.org/announcements/release-news/5731-joomla-3-9-and-joomla-3-10.html)
  1. more than a month ago
  2. General
  3. # 19
dolmenhir Accepted Answer
Pro
Hi dolmenhir,
unfortunately is not possible for us to centralize all informations from all components, Joomla has thousands of components/plugins/modules that collect informations.

I understand and I agree with you.
But the goal it only to export the personal datas stored in the user's profile, not all component informations which, for most of them, doesn't store real personal datas but just personal settings to use these components.
  1. more than a month ago
  2. General
  3. # 20
alexwalker Accepted Answer
Pro
The user delete account function is brilliant and works ! Thanks
  1. more than a month ago
  2. General
  3. # 21
admin Accepted Answer
Admin
Hi @alexwalker,
thanks fo your feedback :D
  1. more than a month ago
  2. General
  3. # 22
LeitLux Accepted Answer
Pro
Hi,

the "Delete Account" Plugin works perfect! Simple, easy.....

Thanks
  1. 6 days ago
  2. General
  3. # 23
admin Accepted Answer
Admin
Hi @LeitLux,
thanks for your feedback :D
  1. 6 days ago
  2. General
  3. # 24
  • Page :
  • 1


There are no replies made for this post yet.
However, you are not allowed to reply to this post.

Request Support

Support is currently Offline

Support Availability

Working days: Monday to Friday. The support staff is not available on weekends; in the most of cases tickets will not be answered during that time.

Reply time: Depending on the complexity of your support issue it's usually between a few minutes and 24 hours for paid members and about one week for free members. When we expect longer delays we will notify you.

Guidelines

Before you post: read the documentation and search the forums for an answer to your question.

When you post: include Site Details if you request a support (you can use the form below the reply in Site Details tab).

Auto Solved Question: If after a week the author of the post does not reply to a request by moderator, the question will be marked as resolved.

Language: only English

Easy ProfileĀ® is not affiliated with or endorsed by Open Source Matters or the Joomla Project. Joomla is Free Software released under the GNU/GPL License.