MMS gives you the tools to comply to the GDPR with standard built-in functions.

Right of access and rectification

Members have the right to access their registered data, which is integrated in MMS. Also members can be given the permission to rectify the information in defined fields of their data. More info in the documentation.

Right to be forgotten

After the retention period has expired, data is deleted automatically of members. Also the application data will be removed. More info in the documentation.

Right to data portability

Exporting the data of an individual member to Excel (openXML) involves pressing only 1 button only. After the export, the data can be send to the organization of the member's choice. More info in the documentation.

Safety by design

The integration in Joomla (ACL) makes advanced security configurations possible, with different access levels, permissions to functions within the club. The safety of the code is also checked regularely, recently in april 2018 a security audit was performed and certified. More info in the documentation.

Guaranteed

If you want a guaranteed correct and safely configured intranet installation you can hire us to configure it for you, or let us do a check-up. Contact us now.

MMS in itself is a tool to help assocations comply with three of the main requirements of the GDPR:

• Right to Access
• Privacy by Design
• Data Portability

Access to their saved memberdata: allowing users to view the information collected from them. Using MMS, the members can login with their credentials and view the data that are being kept. Privacy by Design, which is achieved by integration with the Joomla ACL and all basic Joomla functions to secure accounts (such as 2FA and enforcing strong passwords). Data Portability can be found in the export to excel function for member administrators. Find the member id and export the member record to OpenXML.

In order to comply with the Right to be Forgotten stated in article 17: "erase personal data without undue delay if the data is no longer needed", we introduce the function to delete 'aged' member data.

Since MMS version 7.5.20 in the options section, you can fill in the number of days to keep data after the membership expired. The Crontab will delete members, application data, and their invoices (if you use MMS Subscription) after this number of days has passed. For member records, the End of subscription date is used for this. For invoices, the invoice date is used.

Upon installation or update, this value is set to 3650, which is 10 years. Depending on the goal that you keep the data this can be too long. To be on the safe side, choose a shorter period, like 365 or 730 days.

This new function can also be used for deleting data when the data subject objects to the processing, In other words, the option to remove the information: you will need to offer users an easy way to withdraw their consent and remove their information from your site. Fill in an end of subcription date which is > than the number of days in the options. The data will be automatically deleted the next time the cron runs !

We advise that in your installation, you also implement a Joomla account removing tool. Since there is no need to save data about Joomla users forever.