In one of our previous posts we provided an easy tutorial on how to implement the GDPR standards in your RSForm!Pro forms. One of the most common questions regarding our post was the possibility to achieve GDPR compliance without having the user create an account, login on your site. In this article we will provide the steps required for this scenario.
1. Quick recap
The GDPR standard is a new legislation that will come into effect in the near future, starting from the 25th of May and is tied to the user information you are collecting through your site. This aims to improve the privacy of each user and offer them full control over their own information on your site.
2. Aligning your form to GDPR
Since the GDPR standard is closely tied to the information you record on your users, one way to circumvent this is to not record any data at all and rely on the component specific emails in order to create a correspondence with your site users.
RSForm!Pro has a feature available that will allow you to not store any submissions data in your database. This is enabled from a simple configuration field available in each forms configuration, Form info - Save data to database, all you need to do is set this to NO and the form will not store any data regarding the user, thus your form will be GDPR compliant.
Although the information is not stored in your database, you can still use the data in the component specific emails (Admin, User and Additional emails). Based on the email used by the user in your form you will have two cases:
First case
The email is not part of the user personal information, this is the case of emails similar to office@domain.com or info@domain.com. Since the email does not refer to a particular individual from that company, it is not considered personal data. In this case you are not required to do anything.
Second case
The email is part of the user personal information, this is the case of emails such as john.doe@domain.com or jane.doe@domain.com. These type of emails specifically point to an individual from the company, thus you will need to remove this information from your inbox if requested. The best way to implement this is to explicitly describe to the user when the form is submitted that his information will be recorded in your inbox for the purpose of starting the correspondence and it can be easily removed upon request. When one of your previous submitting users requests for his email to be removed you will need to manually delete the emails from that particular address personally.
3. Wrapping things up
We hope that this helps shine some more light on the GDPR compliance and its standards. Let us know in the comment section below what you think regarding this implementation.
Auto deleting emails stored in website Db
I agree that a badly needed feature is the option to automatically delete submissions after x amount of days - with an option to set this to 1 month, 2 months, 6 months, 1 year. This is greatly needed
QuoteHello Andrew,
We have this option on our to-do list :) Stay tuned, we will write on our Blog section about this.Quote
This functionality has been implemented on RSForm!Pro ( Please read our first post: https://www.rsjoomla.com/blog/view/433-create-gdpr-compliant-forms-in-joomla-with-rsformpro.html )
Quote
Auto deleting emails stored in website Db
Having the submitted emails stored in RS Form Pro is handy.
QuoteAFAIK GDPR, doesn't stop you from storing these in the website's database, assuming you cover this in your T&C's, privacy policies, etc.
But it would be very handy to implement a feature in RS Form that allows you to store this data for a set number of days.
Some sort of auto delete/purge after x number of days.
Peter Martin has written a handy CLI script to remove all data older than 1 month: https://gist.github.com/pe7er/47bf1020b12ef29df8603fa80d1fdccd
(Technical info: This script can run automatically if it is added as cron tab on your server)
But I think it would be handy to have this as a feature of RS Form pro
Please Act!
Dear RSjoomla Team,
Quoteyou are making it to easy for yourselves. One major feature of this plugin is to have the possibily to store the data in a database (and export it to excel for example).
Please do the following ASAP:
1. Integrate the possibility to delete single submissions from the database WITHOUT logging in. How? Do it like a unsubscribe process maybe (user know already how this works). Each submission gets a unique long ID and the user gets a deletion link in the formula sent email. After clicking on the link the user has to confirm the deletion by eg. entering his full email adress.
2. Make it possible to ENCRYPT data in the database (maybe AES Encrypt for fields which can be marked as "Personal Data".
Please do it until May 25th. That would make me and other users very happy - and keep us continue to subscribe.
Regards,
A Customer
About your blog article \"Create GDPR compliant forms without requiring user login\"
Hello,
QuoteThank you again for providing some helpful insights, ideas, and feedback, relating to the forthcoming GDPR changes that occupying our minds more and more as May 25th 2018 draws near.
Referring to your "First Case" sub-heading above, relating to when users use more generic email addresses like office@domain.com or info@domain.com, I suspect though that if a user includes in their email message information that can identify them personally - such as a full name, postal address, etc., then the GDPR conditions will still automatically come into play.
Though, like most others, I'm not sure about that. No doubt we will all learn more about a month after May 25, 2018.