GDPR is there going to be a Joomla/VM Update???

[ch1vph]

Hi All,

I've been looking a lot at the new GDPR coming in to play soon, but I cannot seem to find anything official on the Joomla website nor can I find if there is going to be a Joomla Update for 'Joomla User Management Area' which is storing my Virtuemart shoppers information...

I basically running VM and a Acymailing setup...but again I cannot see anything much on the Joomla website or forums either - but I will ask the same question in there forum in a moment.

Any advise is welcome, as there are a lot of over whelming sites on the GDPR rules and not to much on whats going to happen with Joomla/VM and the GDPR.


Thanks,
Chris H.

[Jörgen]

Hello
Is there really something more needed ? Extra information about consent to use user data can be placed in the TOS. What more should there be done in Your oppinion ?

regards

Jörgen @ Kreativ Fotografi

[ch1vph]

No that's great if that's all it is, as I was only just wondering about it myself really...(with a month to go

But as far as I'm aware (and apart from another TOS box) There are two main factors; firstly users need to be able to view the information collected from them on your site - which I suspect is all OK in VM account area...

And secondly 'you will need to offer users an easy way to withdraw their consent and remove their information from your site.' which again I think is possible in VM account area??

My only thought on the matter was that there are a lot of checklists going about and rules in the new law, which lead me to think there was going to be more needed from VM website owners, but if not all the better

Thanks again

[AH]

firstly users need to be able to view the information collected from them on your site

That is not accurate - GDPR does not require such a thing, it is a guidance.  Imagine trying to provide such a thing for non registered users - how would you comply then.  You can provide suitable copies of information if requested.

The GDPR includes a best practice recommendation that, where possible, organisations should be able to provide remote access to a secure self-service system which would provide the individual with direct access to his or her information (Recital 63). This will not be appropriate for all organisations, but there are some sectors where this may work well.

And secondly 'you will need to offer users an easy way to withdraw their consent and remove their information from your site.'

Again other aspects should be considered - Take for example invoices - You obligations under country law to store such data for a set period of time.  A user's request to "purge" such data does not override your legal need to keep it.

In addition - data protection makes no distinction between electronic and paper copies of data.  So don't go throwing those old documents in the general rubbish bin :-)

[balai]

As far as i know there is no need to supply an automated way for the users to modify or remove their data.
You can supply an email or a form that they can submit in that case.

As for the time of the data storage. Yes there is a minimum but they should be informed about that.

[joomlaguy99]

It looks like extensions developers are going to release some tools for the GDPR management.

Currently i found this new one that seems to integrate with Virtuemart too: https://storejextensions.org/extensions/gdpr.html