In this guide, you will learn how to use the privacy component to manage requests related to user information and privacy in Joomla.
In the EU, the General Data Protection Regulation (GDPR) mandates that all websites provide a way for users to access and remove their data. It gives users greater control over their privacy. If you’re not based in the EU, you don’t have to implement these practices, but it still may be a good idea to do so, especially if you plan on interacting with users from the EU, or if you think privacy rights are important.
Joomla provides a privacy component to handle privacy requests from users. With it, users can request to export their data (get a downloadable copy of everything related to their account), or remove their data (delete their account).
These requests need to be reviewed by an administrator. Once approved, the user will be sent a link to download their data, or they will receive confirmation that their account has been deleted.
In addition to using the privacy component, you should also have a privacy policy written and published for your website, if it records user data.
Request Links
Create Request Link
In order for your users to submit privacy requests, you must first provide a link to the page where they submit requests.
In a menu of your choosing, add a new menu item of type Privacy – Create Request. You might only want to show this option to users who are already logged in, under the link to their user profile, or place it on a hidden menu and link to it from your privacy policy page.
The Create Request page is very simple. It gives the user an option to select if they want to export or remove their data, and then they hit submit.
Once the user submits their request, they must verify it by checking their email.
Verify Request Link
In the user’s email, they will be given a link to verify the request. They may have to check their spam folder.
They may either go to this link, or they can copy/paste a token code. If they copy the token, you have to provide a way for them to get to the page where they can paste it. This is the Privacy – Confirm Request menu item type. You should create that menu item in addition to the submit request menu item, and provide a way for users to access it.
Note that the user must be logged into the account they created the information request from in order for this to work.
Once verified, the user has to wait for an administrator to review the request.
Administrator Actions
After a user creates a request, administrators will see it in the backend. The requests can be found on the Users → Privacy → Requests page.
If a request is pending, that means the user has submitted the request, but they have not yet verified it through their email. No action can be taken if the user has not verified the request.
Once the request is verified, the status of the request changes to Confirmed. Now an administrator may take action.
If the request is for a data export, the administrator can export the data and send it as an email to the user. This is likely the option you would want to select. If you select only “export data”, you get a copy of the data, but no copy is sent to the user. The exported data is provided as an XML document.
The process for removal requests is just like export requests. Once the user verifies the request, the administrator can see the request on the requests page and delete the user’s account data.
When a user requests to have their data exported or deleted, follow through as soon as possible. Your website’s super user will receive an email about the information request when it is submitted. Important privacy requests are also displayed in the Notifications module of the administrator home dashboard. By default, it takes 14 days before a request becomes important. If you would like to set this time to be shorter, you may change it under the privacy component options.
Once the data is removed or exported, you can mark the request as complete by clicking the Complete button under the request.