MMS in itself is a tool to help associations comply with three of the main requirements of the GDPR:
- Right to Access
- Privacy by Design
- Data Portability
Right to Access means allowing users to view the information collected from them. Using MMS, members can log in with their credentials and view the member data that is being kept about them. Privacy by Design is achieved by integration with the Joomla ACL and all basic Joomla functions to secure accounts (such as 2FA and enforcing strong passwords). Data Portability can be found in the export to Excel function for member administrators: find the member id and export the member record to OpenXML.
In order to comply with the Right to be Forgotten stated in article 17: "erase personal data without undue delay if the data is no longer needed", we introduce the function to delete 'aged' member data.
Since MMS version 7.5.20, you can fill in, in the options section, the number of days to keep data after the membership has expired. The Crontab will delete members, application data, and their invoices (if you use MMS Subscription) after this number of days has passed. For member records, the End of subscription date is used for this. For invoices, the invoice date is used.
Upon installation or update, this value is set to 3650, which is 10 years. Depending on the purpose for which you keep the data, this can be too long. To be on the safe side, choose a shorter period, like 365 or 730 days.
This new function can also be used for deleting data when the data subject objects to the processing. In other words, it is the option to remove the information: you will need to offer users an easy way to withdraw their consent and remove their information from your site. Fill in an end of subscription date that lies further in the past than the number of days in the options. The data will be automatically deleted the next time the cron runs!
We advise that in your installation you also implement a Joomla account removal tool, since there is no need to save data about Joomla users forever.
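Before lowering the retention value from 3650 to a shorter period, it helps to preview which records the next run would remove. The sketch below is an added example, not MMS code: the record fields, the strict "older than" comparison and the handling of missing dates are assumptions, and the sample data is constructed.

```python
from datetime import date, timedelta

# Constructed sample records. Field names are hypothetical, not the MMS schema.
MEMBERS = [
    {"id": 1, "end_of_subscription": date(2012, 6, 30)},
    {"id": 2, "end_of_subscription": date(2022, 12, 31)},
    {"id": 3, "end_of_subscription": None},                # no end date recorded
    {"id": 4, "end_of_subscription": date(2025, 12, 31)},  # membership still running
]
INVOICES = [
    {"id": 101, "member_id": 1, "invoice_date": date(2011, 7, 1)},
    {"id": 102, "member_id": 2, "invoice_date": date(2022, 1, 15)},
    {"id": 103, "member_id": 4, "invoice_date": date(2013, 1, 10)},
]


def cutoff(today, retention_days):
    """Oldest date that is still inside the retention window."""
    if retention_days < 1:
        raise ValueError("retention_days must be a positive number of days")
    return today - timedelta(days=retention_days)


def due_for_deletion(records, date_field, today, retention_days):
    """IDs whose date lies before the cutoff (assumed strict comparison).

    Records without a date are kept (assumption) and need manual review.
    """
    limit = cutoff(today, retention_days)
    return [r["id"] for r in records
            if r[date_field] is not None and r[date_field] < limit]


def preview(today, retention_days):
    """Members are judged on end of subscription, invoices on invoice date."""
    return {
        "members": due_for_deletion(MEMBERS, "end_of_subscription", today, retention_days),
        "invoices": due_for_deletion(INVOICES, "invoice_date", today, retention_days),
    }


def end_date_for_erasure(today, retention_days):
    """Latest end-of-subscription date that makes a record due at the next run."""
    return cutoff(today, retention_days) - timedelta(days=1)


if __name__ == "__main__":
    today = date(2024, 1, 1)  # fixed date so the output is reproducible
    for days in (3650, 365):
        print(days, cutoff(today, days), preview(today, days))
    print("erasure end date:", end_date_for_erasure(today, 365))
```

Invoice 103 shows that an old invoice becomes due on its own invoice date even though member 4 is still active, and member 3 shows that a record without an end date never ages out under these assumptions.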