RSJoomla!'s approach to GDPR compliance

RSJoomla! and GDPR

With the new GDPR legislation coming into effect starting with the 25th of May, we decided to provide a list of how each component records personal information and how we updated each one to align with the new standards.


The first and the most popular component we have in our portfolio is RSForm!Pro. Being a form builder, the component will record quite a bit of personal information from your site users based on your implementation. Even a simple contact form will have an email and IP recorded. In order to adjust the component to the new GDPR requirements we have done the following:

  • possibility to not store any submission information in the database. This is easily done through a configuration option available in each form: in the Form info tab set the Save data to database option to NO.
  • allow users to view and delete their submissions. This is provided through the Submissions directory menu item.
  • users can also delete their submissions through an encrypted link available in the component emails.
  • automatically delete submissions after a period of time. The duration before the submissions are deleted can be configured separately per form.

A second favorite, RSFirewall! records information regarding where your site is accessed from. Although this information is mainly used to help better protect your website, IPs are still being recorded in the system logs.

Since this information is listed under the GDPR rules, we have introduced an automatic deletion/clearing of these logs after a specific time period, this ensures that old data is automatically removed. You can set this duration from Components > Firewall Configuration > Logging Utility > Days to keep log history.


Our support desk solution, RSTickets!Pro, puts heavy emphasis on privacy, only the user that submitted a particular ticket and your configured staff members can view the ticket conversation. When someone submits a ticket without having an account, one is automatically created for them. Keeping this in mind, profile specific information will be recorded by the component like name, email, IP. In order to comply with the GDPR restrictions we have implemented the following:

  • when submitting a ticket or adding a reply users will need to provide explicit consent through a checkbox field.
  • possibility to disable the IP and User Agent storing from the user information. This can be done from the general configuration.
  • allow users to anonymise their ticket information.
  • admins can also anonymise information at your users request.

The content management extension, RSMembership! will record information regarding users for both their transactions and available subscriptions. In order to align the component with the GDPR standard we have provided the following features:

  • you can easily add a custom field for requesting specific consent from users for recording their information.
  • users can view their subscriptions and account information through the RSMembership! specific menu items : Show subscriber memberships and Show subscriber account.
  • allow users to anonymise their information.
  • admins can also anonymise information at your customers request.
  • disable the IP storing from the component configuration.

In order to build a newsletter list you will need to record user information. Even if the RSMail! component offers full control over the newsletter lists you create and what fields are needed during the subscription, you will still need to record the user email at the least. The latest component patches provided the following GDPR specific features:

  • you can disable the storing of user IPs from the general component configuration
  • when subscribing to a newsletter list through the component module or when editing their newsletter subscription information, users will need to provide explicit consent.
  • users can view their information and available subscriptions through the RSMail! menu item. This also provides users the possibility to edit their information and unsubscribe from a specific newsletter list. Users can also delete their entire subscription information from this menu item as well.

Since RSSeo! focuses on optimizing your website for search engines, the only information recorded that falls under the GDPR legislation is related to your site visitors, more specifically the IPs used to access your site. As a result you can now choose to ignore the IPs of your site visitors from the general component configuration.


RSMediaGallery! is the easiest component to ensure GDPR compliance since this does not record any user information.


We hope that this will offer you peace of mind and you will continue to use our extensions without worries when transitioning to the new GDPR legislation era. Please leave your opinions in the comments system below and also stay tuned for the second part of this post that will cover the rest of our extensions.

Subscribe to our blog

Found this article interesting? Subscribe to our blog for more.

1000 Characters left