Create GDPR compliant forms in Joomla! with RSForm!Pro

Posted in RSForm!Pro on 26 Jan 2018

[Image: RSForm!Pro GDPR Compliant Forms]

1. What is GDPR?

Let's start at the beginning: GDPR stands for General Data Protection Regulation. As the name implies, it concerns the user data that websites record when someone browses them or uses their services. The purpose of the GDPR is to improve data privacy and the way companies and businesses approach and plan for it.

2. Will it affect my business?

Yes. As long as you record information that can uniquely identify an individual (for example: names, photos, email addresses or IP addresses), you will need to comply with the new standard. The only exceptions are anonymous forms, such as polls or quiz forms, that do not collect any personal data.

This will affect both companies located in the EU and those outside the EU that process personal information regarding EU citizens.

The new legislation will be enforced starting on the 25th of May 2018.

3. What are the GDPR requirements?

Explicit Consent

Explicit Consent: users need to give explicit consent for the website to collect their information. This consent cannot be masked in a lengthy 'Terms and conditions' text, but needs to be separate and very clear to the user.

Access to information

Access to the offered information: you need to allow users to view the information collected from them on your site.

Allow option to remove information

Option to remove the information: you will need to offer users an easy way to withdraw their consent and remove their information from your site.

4. How can RSForm!Pro help me with this?

Since RSForm!Pro covers all the main requirements of the GDPR, all you need to do is install the component and you will be able to build GDPR compliant forms in no time at all. One key factor in this scenario is that you will need to allow access to your form only to logged-in users. Since all your site content is accessed through menu items, you can control the Access level of an item in order to restrict it to logged-in users.

If you are using a normal link in your content, you can restrict viewing of the form to logged-in users through the Access setting found in the Form info tab of the form configuration.

Now let’s see how RSForm!Pro handles each of the main aspects of the GDPR standard. We will adjust the default Simple contact form example available in the new form wizard.

[Image: Simple Contact Form Example]

a. Explicit consent

This can be resolved with the help of a Checkbox field.

[Image: Add Consent Field]

The most important property of the field is its required status: this way, users will not be able to submit the form without explicitly giving consent. You can set a field to be required from the Validations tab of the field configuration by setting the Required property to Yes. The label of the checkbox field should be something similar to 'I consent to RSJoomla! collecting my details through this form'.

[Images: Make Consent Field Required; Submit The GDPR Form]

You can also include a link to a more detailed Privacy Policy that users can access to read about how their privacy is handled on your website.

b. Allow submitters access to the offered information

RSForm!Pro offers a dedicated frontend listing for viewing the submissions recorded through your form: the Submissions Directory. Since privacy is of the utmost importance, you will need to ensure that the listing shows only the submissions made by the currently logged-in user. This is done by opening the Submissions Directory menu item configuration and setting the Show submissions for the User ID property to: login.

[Image: Submissions Directory Menu Item]

c. Allow submitters to remove the information

With RSForm!Pro you can provide this in two ways:

1. Through the frontend Submissions Directory listing. You have full control over this listing: the fields displayed in the general listing, the fields shown in the details view of a submission, CSV and PDF exports, and the edit and delete permissions. As was the case for the general listing, each user should only be allowed to edit and delete their own submissions. This is controlled through the Permissions tab of the directory configuration. When accessing this tab, you will see a list of user groups that can be granted edit and delete permissions; you just need to select the Edit own submissions and Delete own submissions options.

[Image: Submissions Directory Listing]

After this is done, you will also need to make sure that only logged-in users can access this listing. This way, the component will be able to uniquely identify the submissions made by the currently logged-in user and provide them with a means to remove their data from your records.

[Image: Submissions Directory Permissions]

2. Through the component-specific emails. RSForm!Pro offers the possibility to send multiple emails during the submission process, the most noticeable being the User and Admin emails. In these emails you can use global or field-specific placeholders in order to send information regarding the submission to the user.

[Image: Email Received]

Since the goal is to offer users the possibility to remove their details from your site, we will be using the User email in our configuration. When editing the form you just need to navigate to the User Emails tab, configure the body of the email by clicking the Edit the email text button and including the following global placeholder: {global:deletion}.

[Image: Email Configuration]

This will create an encrypted link in the body of the email that, when clicked by the user, will delete the submission from the database, thus removing the user information in accordance with the new GDPR standard. The advantage of this method is that users do not need to be logged in on your site in order to remove the information; simply clicking the encrypted link will trigger the removal.

[Image: Submission Deleted]
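
A login-free deletion link works as a bearer credential: whoever holds the email can remove the submission, so the token in it has to be unforgeable and bound to one submission. The PHP below is an added example and not RSForm!Pro's code; it signs the submission id with an HMAC instead of encrypting it. The function names, the 30-day expiry and the confirm-before-delete step are all assumptions of the example.

```php
<?php
// Added example, not RSForm!Pro code; every name below is hypothetical.
declare(strict_types=1);

const DELETION_TTL = 30 * 24 * 3600; // assumed policy: links expire after 30 days

// Token carried by the e-mailed link: "<submission id>.<expiry>.<hex mac>".
function makeDeletionToken(int $submissionId, string $secret, int $now): string
{
    $payload = $submissionId . '.' . ($now + DELETION_TTL);
    return $payload . '.' . hash_hmac('sha256', $payload, $secret);
}

// Returns the submission id the token authorises, or null when the token is
// malformed, forged or expired.
function verifyDeletionToken(string $token, string $secret, int $now): ?int
{
    $parts = explode('.', $token);
    if (count($parts) !== 3 || !ctype_digit($parts[0]) || !ctype_digit($parts[1])) {
        return null;
    }
    [$id, $expiry, $mac] = $parts;
    $expected = hash_hmac('sha256', "$id.$expiry", $secret);
    if (!hash_equals($expected, $mac)) { // constant-time comparison
        return null;
    }
    return ((int) $expiry >= $now) ? (int) $id : null;
}

// A GET (also issued by mail scanners and link previews) only shows a
// confirmation page; the row is removed on the POST the user sends from it.
function handleDeletionRequest(string $method, string $token, string $secret, int $now): string
{
    $id = verifyDeletionToken($token, $secret, $now);
    if ($id === null) {
        return 'reject';
    }
    return $method === 'POST' ? "delete:$id" : "confirm:$id";
}

$secret   = random_bytes(32); // constructed demo values from here on
$now      = 1517000000;
$token    = makeDeletionToken(42, $secret, $now);
$tampered = '43' . substr($token, 2); // same MAC, different submission id
foreach ([['GET', $token, 0], ['POST', $token, 0], ['POST', $tampered, 0],
          ['POST', $token, DELETION_TTL + 1]] as [$method, $tok, $delay]) {
    echo handleDeletionRequest($method, $tok, $secret, $now + $delay), PHP_EOL;
}
```

The four demo requests cover a scanner-style GET, the user's confirmed POST, a token whose id was changed, and a token used after expiry; only the second results in a deletion.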

Closing notes

As you can see, the modifications that need to be implemented are not exhaustive, and we strongly recommend familiarizing yourself further with this new standard. The best starting point for this is the official GDPR website.

We hope that this article has helped clear up some of the confusion related to this subject and helps you migrate easily to the new standard once it is enforced.

Andrei Cristea - 08.02.2018 (01:27:19)
Well... these are two different matters

Quote :
This guide is very useful and interesting but unfortunately requires all users to be registered before sending a form.
A user who wants to remove the data entered in a form will probably want to remove them from Joomla! too.
Regarding all websites that didn't require registration, the problem of data deletion now arises for the user's data stored in the database, and Joomla! provides no way for a user to remove his account by himself.

What do you think about this?
Any advice?

Regards


Our example is only meant to cover the information collected through the RSForm!Pro component. This data will be stored in the component-specific database tables, thus when you delete the information through the 'Submissions Directory' listing, this will be removed from your database entirely. The actual Joomla! user account is an entirely different matter and will need to be addressed by the Joomla! team in one of the future Joomla! releases.

Defin - 06.02.2018 (03:21:50)

This guide is very useful and interesting but unfortunately requires all users to be registered before sending a form.
A user who wants to remove the data entered in a form will probably want to remove them from Joomla! too.
Regarding all websites that didn't require registration, the problem of data deletion now arises for the user's data stored in the database, and Joomla! provides no way for a user to remove his account by himself.

What do you think about this?
Any advice?

Regards
