Visforms and the General Data Privacy Regulation GDPR
The General Data Privacy Regulation (GDPR) became applicable on May 25th, 2018. As a result, we have received many GDPR-related questions about how Visforms users can achieve GDPR compliance. This article describes the features which Visforms provides in order to achieve GDPR compliance. As every form created with Visforms is different with regard to which sort of personal data is collected and how, we obviously cannot tell you which steps you have to take on your individual website.
Now a user cannot submit the form unless they have checked this checkbox.
Verify that a given e-mail address exists
Visforms allows you to check whether an e-mail address which the user has entered in the form exists.
After the form was submitted
Obviously, the primary aim of a form is that a user can send you data (a request, an order...) which must be available for further processing. Basically, Visforms offers you two different ways to do that, which can be used simultaneously. You can mail the data, or a part of the data, to the person who needs to see it, and/or you can store the data (temporarily) in the database and give the persons who are allowed to see the data for further processing access to the stored data in one way or another.
Individual E-Mail Configuration
The GDPR states that the protection level which is required depends on how sensitive the personal data are and what is "State of the Art" with regard to a specific technology. We assume that e-mail encryption can most probably not be called state of the art that is available to an average citizen. Nevertheless, it is possible that, due to the kind of data which you receive with your individual form, sending the data (or a part of it) in an e-mail that is not encrypted might not be in accordance with the law. As Visforms allows you to set up the e-mails completely individually, you can decide for yourself which content you want to mail. With regard to the GDPR, Visforms provides you with the following e-mail options:
- You can decide individually if you want to send a result mail and/or if you want to send a user mail.
- You have complete control over the mail content (individually and independently for the result mail and the user mail).
- You can create custom e-mail texts and you can decide for each information submitted with the form, whether it should be included in the mail or not.
This means that you can create anything within the range from only one completely anonymous mail to yourself, which only informs you that the form was submitted, to mails that contain all data which were submitted with the form, and everything in between.
Individualize the result message
With Visforms you can create a custom message that is displayed on your website after the form was sent successfully. You can use inputs which the user has made in the form within this message. Instead of sending a user mail, you could use this feature in order to display a sort of summary to the user, without leaving the (HTTPS protected) website.
Store user inputs in the database
You can store submitted user inputs in the database. Visforms gives you many options which allow you to do so in a way that is in accordance with the GDPR.
- You can decide whether or not the IP address should be stored with the user inputs
- Stored data can be modified (i.e. corrected)
- Data access can be limited to authorized user groups, using Joomla! ACL
- (Selected) data can be displayed to authorized users in the frontend, for example if you do not want to give the authorized user access to the administration of your website. What a user can see in the frontend can be controlled using Joomla! ACL. You can decide individually for each form field whether it is displayed in the frontend or not.
- Data can be deleted manually. (Right to be forgotten)
- Automatic deletion of record sets can be scheduled, including a log file
- Each record set has a unique ID, which can be referenced in mails and which can be used in order to prove that a record set was deleted.
- The submission date and time is stored with each record set. This information can also be used in mails.
- If a record set is modified, the modification date and time and the ID of the user who made the modification are stored in the database, too.
- Record sets can be exported individually to a CSV file, which can be used to satisfy the user's right to access.
Plans for further development
- PDF generator, which will allow you to create and download PDF files online
In which situations is it possible that data are shared with third parties?
Visforms Plugin Spambotcheck
The Visforms Plugin Spambotcheck, which is shipped with Visforms and which checks whether a form is potentially submitted by a spambot, is enabled by default. In order to make the check, the IP address from which the form is sent and (if available) the e-mail address entered in the form are used in a request to the online spambot databases which are enabled in the spam protection configuration settings in the form configuration. By default, the following providers of online spambot databases are enabled.
In addition, you can activate projecthoneypot.org.
Those providers use the submitted data according to their privacy policies, which are currently available here: https://stopforumspam.com/privacy, https://www.spamcop.net/fom-serve/cache/168.html, http://www.projecthoneypot.org/privacy_policy.php and http://www.sorbs.net/.
If you use a Google service with your form, it is possible that Google collects personal data. Google services which might be used in Visforms are:
- The Google Recaptcha Plugin: Used, if you enable the use of the Google Recaptcha for the form
- The Google Maps API: Used, if you create a field of type location/map for your form
Some Visforms users have manually added Google Analytics into the process of submitting a Visforms form. In this case data will be shared with Google, too.
Please note that some of the features mentioned above are only available with the Visforms Subscription.