In this guide, we’ll discuss general considerations for GDPR compliance in your Joomla forms.
First, an obligatory disclaimer: We’re not lawyers and what follows isn’t legal advice. We have a vested interest in your success under the GDPR, but if you need concrete legal counsel, talk to a lawyer.
What Is GDPR Compliance?
On May 25, 2018, new regulations will go into place within the EU that pertain to data collection. You can find the full overview via official sources, but here’s the gist:
In the simplest terms, what GDPR (General Data Protection Regulation) does is protect users from unauthorized data collection by requiring explicit consent. If data is being collected and stored, the individual providing the information needs to be aware of it and give permission before any action is taken.
Along with providing permission to collect data, the GDPR requires that users are able to request access to their data and have it removed if requested.
What Forms Do We Need to Worry About?
Not all your forms are necessarily going to be impacted by the GDPR. Running an anonymous survey or a quiz? If you’re not collecting personally identifiable information on users, your form’s not impacted. However, if you are asking for a name, email or address, the GDPR impacts that form. So, how to comply?
Request Consent
Before collecting or storing user data under the GDPR, you need to request the user’s consent.
This can be easily resolved by adding a required checkbox field to any forms that need to be compliant. This way users will not be able to submit the form without explicitly offering consent.
To do this, first navigate to Components -> Convert Forms and create a new form or edit an existing form. Then, from the Add Field tab, click on the Terms of Service field.
Once the field has been added to the form, you can add text for user consent in the field settings panel. For this example, we’ll add “I consent to site.com collecting and storing my data”. You can also include a link to a more detailed Privacy Policy that users can access to read about how their privacy is handled on your website.
The most important property of the field is its required status. Fortunately, the Convert Forms Terms of Service field is mandatory by default. This way, you’ll know that every submission is compliant, because without consent the submission cannot be completed.
Frequently Asked Questions
Can I prevent Convert Forms saving the entries to the database?
It's important to note, though, that the GDPR does not prohibit saving personal data to the database; it just requires that you gain consent before doing so.