Support

Pre-sales

#33826 DataCompliance

Posted in ‘Pre-sales and Account Questions’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Latest post by baroen on Thursday, 01 October 2020 04:00 CDT

baroen

What does the DataCompliance extension add to the native GDPR functionality in the current Joomla! version?

nicholas
Akeeba Staff
Manager

Disclaimer: I am not a lawyer. I am not qualified to provide legal advice and I do not pretend to do so. The information provided herein is based on my own, personal opinions, it does not constitute legal advice and is not legally binding in any way whatsoever. If you are unsure about legal matters please consult a qualified attorney.

DataCompliance predates Joomla's com_privacy by about 9 months. In fact, several aspects of the Joomla com_privacy system (plugin architecture, captive login / redirection, data export) are based on my original work in DataCompliance back in March and April 2018.

In more practical terms, DataCompliance is infinitely more user friendly. Joomla adds a field in the user profile and redirects users to the profile edit page with zero explanation. Users have no idea WTF is going on and are unlikely to ever get back to your site. DataCompliance redirects them to a very clear page which tells them what they need to do and why they need to do it.

Joomla does not let users request a copy of their data or their account to be deleted if they do not provide consent. This is illegal. DataCompliance gives them the option to export their data or delete their account without having to provide consent.

Joomla requires a human to go through every single one of data export and account removal requests. This is kinda dumb. If the user is logged in they are de facto providing clear evidence that they are who they claim to be. There is no need to have a human in the loop. So, DataCompliance allows immediate export of your data and immediate account removal – with automated removal blockers (e.g. if someone made a purchase within the last 90 days we can't delete their account because of lawful interest, in this case the possibility that they might ask their bank for a chargeback for which we need counter-evidence from their user account).

DataCompliance is also lighter on your site because it uses purpose-built tables instead of trying to abuse the generic Joomla user profile table.

DataCompliance can back up the account removal requests to Amazon S3 (which can be set up on Amazon's side as a read-and-write-only bucket without the possibility of changing or removing entries) to fulfil the legal requirement of a permanent audit log for these requests.

Finally, Joomla's privacy extension was designed by a committee and implemented by a US citizen. Having seen how the design by committee approach works in Joomla I am not entirely sure that it actually helps with GDPR compliance. DataCompliance was written to help with the GDPR compliance of our own site based on the feedback we got from a consultant. It works for our use case and I think that it may be more useful than Joomla's com_privacy for other use cases.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

baroen

Thanks!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!