Joomla is the second most used web technology, powering 3.1% of all the websites (CMS market share of 6.2%), has a lot to do to address all GDPR issues. Making Joomla-based sites GDPR compliant is indeed a tough job. The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in last several years. This post is to inform all of our users that we are aware of GDPR, and we are taking this seriously.

What is GDPR?

GDPR (General Data Protection Regulation) was designed to harmonize data protection and privacy laws across Europe. The GDPR applies to both organisations located within and outside of the European Union upon offering goods or services to, or monitoring the behaviour of, EU data subjects. It means that if you handle EU customers even if your online business is not based in EU, this directive applies to you too. Tip for UK webmasters, the GDPR will come into effect before the UK leaves the EU.

The policy was approved and adopted by the European Union parliament and will be effective from May 25, 2018. The EU ePrivacy Regulation (ePR) has the same territorial scope as the GDPR, carries an identical penalty regime for non-compliance and is also intended to come into effect on this same day.

What are the penalties for non-compliance? Your company can be fined up to 4% of annual global turnover or €20 Million for breaching GDPR. Making your website GDPR compliant is indeed crucial.

The GDPR-ePR stuff and JoomShaper's approach

GDPR will have a huge impact on almost all web businesses, which will have a ripple effect on how your website integrates with your other digital activities. Email marketing, social media, e-commerce, registration and even basic contact forms are also included.

We are well aware of the seriousness of the changes in the law, which is why we have already started the process of discovering what adjustments may be necessary for our extensions and templates including Helix to meet the requirements.

Here are some examples of what you can expect in future to address GDPR compliance:

  • Checkboxes (Opt-in) for all forms used in the extensions (like Contact Addon already have).
  • Cookie notice bar for Helix Ultimate and Helix3 template framework.
  • Extensions that allow user registration to create a new account (SP LMS, for example) will get systems that give users the option to entirely delete an applicable user account (“Right to Be Forgotten”).
  • Access to information collected or submitted by them (via form) on your Joomla site.
  • We will integrate options for users to modify or remove their submitted personal information.
  • And other necessary measures.

In this post, our intention is to inform you about new regulations, and reassure you that we are carefully keeping an eye on what changes would be necessary to meet GDPR and ePR requirements. We suggest you to also check the 3rd party products that you are using (e.g. VM3, J2Store, HikaShop, AcyMailing etc.), to compare their features with GDPR requirements. Good luck!