Thanks for sharing this, and yes we are aware of this initiative but unfortunately we can't wait for the full suite of the GDPR compatibility in 3.10 and we have taken the matter in our own hands right now and we are trying to push out 2.2 with the entire GDPR galore as soon as we can.

Hopefully in the next few days so we all have time to test and roll out in a controlled manner

We do not have an ETA on this yet but we are trying to sort out the GDPR for EasySocial asap.

It would be really useful to know if it will be available before the deadline as if not we would need to put other measures in place whilst we wait. Even if it is released on the 25th that will be to late as people need to test etc, so I'm sure you must know if you will make it or not? A quick update on your Blog, like you do for betas etc would be very friendly and put the minds of everyone that supports European users at rest!

We will try our best to get it out before the dateline

Only 10 days before actual deadline! If you won't make it with time to spare then it would really help us all to let us know, as then we can work on contingency plans. At the moment it's tough for us as we have no way of knowing what you are going to add/modify and what we will need to do either to be ready for it or to put in some alternative measure just in case. Remember things have to be working an in place by the deadline so people need the update a little while before so they can test etc!

Look Itamar

Stackideas is not a huge company. All thirdparty developer need much more time for this. Don't stress yourself and take your site then temporary offline

It takes time, what needs time. I'm for sure, they're doing their best. Maybe they will surprise us, like they always do with amazing code and design

kind regards from switzerland - also GPDR/ DSVGO users.

Look Itamar
Don't stress yourself and take your site then temporary offline

This (Edit-> sentence above <-Edit) is what made me tilt ... with all due respect how you can write something like this, seriously...

All thirdparty developer need much more time for this.
It takes time, what needs time. I'm for sure, they're doing their best.

I am not writing the following to blame Stackideas.
The official Joomla! team did just nothing until they woke up weeks ago and they have no excuses at all in my own opinion - period.
Only a few 3rd party developers took the issue seriously early enough and are ready, others just waited until the last moment and are now in a rush...
Just a reminder GDPR has not popped out a magician hat a few weeks ago but is know to all since YEARS.

24/10/1995
Directive 95/46/EC is adopted
The European Data Protection Directive (Directive 95/46/EC) on the protection of individuals with regard to the processing of personal data and on the free movement of such data) is adopted.

22/06/2011
EDPS Opinion on EC Communication 'A comprehensive approach on personal data protection in EU'
The European Data Protection Supervisor publishes an Opinion on the European Commission's Communication.

25/01/2012
EC proposal to strengthen online privacy rights and digital economy
The European Commission proposes a comprehensive reform of the EU's 1995 data protection rules to strengthen online privacy rights and boost Europe's digital economy.

07/03/2012
EDPS Opinion on EC data protection reform package
The European Data Protection Supervisor adopts an Opinion on the Commission's data protection reform package.

23/03/2012
WP29 update on data protection reform
The Article 29 Working Party provides further input on the data protection reform discussions.

12/03/2014
EP adopts GDPR
The European Parliament demonstrates strong support for the GDPR by voting in plenary with 621 votes in favour, 10 against and 22 abstentions.

15/06/2015
The Council reaches a general approach on the GDPR
The European Data Protection Board will replace the Article 29 Working Party. The European Data Protection Supervisor will provide the secretariat for this new, independent European body of which all European data protection authorities will be members. The role of the EDPB will be to ensure the consistency of the application of the GDPR throughout the Union, through guidelines, opinions and decisions.

27/07/2015
EDPS recommendations on the final text of the GDPR
The European Data Protection Supervisor publishes his recommendations to the European co-legislators negotiating the final text of the GDPR in the form of drafting suggestions. He also launches a mobile app comparing the Commission's proposal with the latest texts from the Parliament and the Council.

15/12/2015
EP, Council and EC reach an agreement on the GDPR
The European Parliament, the Council and the Commission reach an agreement on the GDPR.

02/02/2016
The Article 29 Working Party issues an action plan for the implementation of the GDPR
- The GDPR reinforces a wide range of existing rights and establishes new ones for individuals. These include the:
- Right of data portability: You have the right to receive your personal data from an organisation in a commonly used form so that you can easily share it with another.
- Right not to be profiled: Unless it is necessary by law or a contract, decisions affecting you cannot be made on the sole basis of automated processing.

24/05/2016
The Regulation enters into force, 20 days after publication in the Official Journal of the EU
- The GDPR reinforces a wide range of existing rights and establishes new ones for individuals including:
- the right to erasure (right to be forgotten); you can request that an organisation delete your personal data, for instance where your data are no longer necessary for the purposes for which they were collected or where you have withdrawn your consent.

10/01/2017
EC proposes two new regulations on privacy and electronic communications and on the data protection rules applicable to EU institutions
The European Commission proposes two new regulations on privacy and electronic communications (ePrivacy) and on the data protection rules applicable to EU institutions (currently Regulation 45/2001) that align the existing rules to the GDPR.

06/05/2018
Data Protection Directive for the police and justice sectors into national legislation applicable from this day
Members States must have transposed the Data Protection Directive for the police and justice sectors into national legislation. It will be applicable from this day.

25/05/2018
The General Data Protection Regulation will apply from this day
Some organisations, for instance those whose core activities involve regular and systematic monitoring of personal or sensitive data on a large scale as well as public sector organisations, will have to appoint a Data Protection Officer to ensure they comply with the GDPR.

Maybe they will surprise us, like they always do with amazing code and design .

I have all confidence in Stackideas capacities.
It is the lack of investment of the official Joomla! development team that created a total confusion for the user as well as for the 3rd party developers, about what do do, what to expect and when to expect the needed adaptations.

We have only 10 days left when the EU gave us years to adapt websites to comply with it. WE have no excuses.
WE are all quite a bit stressed because WE are not developers and rely on others and WE do not know if what they are doing will fully respect the directive.

I do understand people that are stressed and again I take it as a lack of respect to write "Don't stress yourself and take your site then temporary offline"

I am confident Stackideas and other 3rd party will do their best (the sooner the better).

Look Itamar
Don't stress yourself and take your site then temporary offline

This is what made me tilt ... with all due respect how you can write something like this, seriously...

All thirdparty developer need much more time for this.
It takes time, what needs time. I'm for sure, they're doing their best.

I am not writing the following to blame Stackideas.
The official Joomla! team did just nothing until they woke up weeks ago and they have no excuses at all in my own opinion - period.
Only a few 3rd party developers took the issue seriously early enough and are ready, others just waited until the last moment and are now in a rush...
Just a reminder GDPR has not popped out a magician hat a few weeks ago but is know to all since YEARS.

24/10/1995
Directive 95/46/EC is adopted
The European Data Protection Directive (Directive 95/46/EC) on the protection of individuals with regard to the processing of personal data and on the free movement of such data) is adopted.

22/06/2011
EDPS Opinion on EC Communication 'A comprehensive approach on personal data protection in EU'
The European Data Protection Supervisor publishes an Opinion on the European Commission's Communication.

25/01/2012
EC proposal to strengthen online privacy rights and digital economy
The European Commission proposes a comprehensive reform of the EU's 1995 data protection rules to strengthen online privacy rights and boost Europe's digital economy.

07/03/2012
EDPS Opinion on EC data protection reform package
The European Data Protection Supervisor adopts an Opinion on the Commission's data protection reform package.

23/03/2012
WP29 update on data protection reform
The Article 29 Working Party provides further input on the data protection reform discussions.

12/03/2014
EP adopts GDPR
The European Parliament demonstrates strong support for the GDPR by voting in plenary with 621 votes in favour, 10 against and 22 abstentions.

15/06/2015
The Council reaches a general approach on the GDPR
The European Data Protection Board will replace the Article 29 Working Party. The European Data Protection Supervisor will provide the secretariat for this new, independent European body of which all European data protection authorities will be members. The role of the EDPB will be to ensure the consistency of the application of the GDPR throughout the Union, through guidelines, opinions and decisions.

27/07/2015
EDPS recommendations on the final text of the GDPR
The European Data Protection Supervisor publishes his recommendations to the European co-legislators negotiating the final text of the GDPR in the form of drafting suggestions. He also launches a mobile app comparing the Commission's proposal with the latest texts from the Parliament and the Council.

15/12/2015
EP, Council and EC reach an agreement on the GDPR
The European Parliament, the Council and the Commission reach an agreement on the GDPR.

02/02/2016
The Article 29 Working Party issues an action plan for the implementation of the GDPR
- The GDPR reinforces a wide range of existing rights and establishes new ones for individuals. These include the:
- Right of data portability: You have the right to receive your personal data from an organisation in a commonly used form so that you can easily share it with another.
- Right not to be profiled: Unless it is necessary by law or a contract, decisions affecting you cannot be made on the sole basis of automated processing.

24/05/2016
The Regulation enters into force, 20 days after publication in the Official Journal of the EU
- The GDPR reinforces a wide range of existing rights and establishes new ones for individuals including:
- the right to erasure (right to be forgotten); you can request that an organisation delete your personal data, for instance where your data are no longer necessary for the purposes for which they were collected or where you have withdrawn your consent.

10/01/2017
EC proposes two new regulations on privacy and electronic communications and on the data protection rules applicable to EU institutions
The European Commission proposes two new regulations on privacy and electronic communications (ePrivacy) and on the data protection rules applicable to EU institutions (currently Regulation 45/2001) that align the existing rules to the GDPR.

06/05/2018
Data Protection Directive for the police and justice sectors into national legislation applicable from this day
Members States must have transposed the Data Protection Directive for the police and justice sectors into national legislation. It will be applicable from this day.

25/05/2018
The General Data Protection Regulation will apply from this day
Some organisations, for instance those whose core activities involve regular and systematic monitoring of personal or sensitive data on a large scale as well as public sector organisations, will have to appoint a Data Protection Officer to ensure they comply with the GDPR.

Maybe they will surprise us, like they always do with amazing code and design .

I have all confidence in Stackideas capacities.
It is the lack of investment of the official Joomla! development team that created a total confusion for the user as well as for the 3rd party developers, about what do do, what to expect and when to expect the needed adaptations.

We have only 10 days left when the EU gave us years to adapt websites to comply with it. WE have no excuses.
WE are all quite a bit stressed because WE are not developers and rely on others and WE do not know if what they are doing will fully respect the directive.

I do understand people that are stressed and again I take it as a lack of respect to write "Don't stress yourself and take your site then temporary offline"

I am confident Stackideas and other 3rd party will do their best (the sooner the better).

Well good to know, but if you're not satisfied you're able to choose other CMS or Developers for your needs. I wrote my 2cents, because it won't help anyone if some customers blame everything and try to force something, what is in deed very complex.

Better it takes time and it works well, then to run it and got a bad review. If Stackideas maybe need more time, i'll take the site temporay offline. They're also humans like we. Better they code/design in peace, then write here about discussions or something like that.

Hey guys,

Firstly, I do apologize that there are delays in this. As some of you may have already read the post earlier, we had an election day the past week and it led to many of us taking 2 - 3 days earlier going back to our own state to vote.

We also arranged a team retreat which was planned months ago and because of the hiccups we had with the GDPR in EasyBlog, our schedule was pushed back.

We have thrown every single developer to work on the GDPR in EasySocial and we will be pushing out EasySocial 2.2 when we are ready. EasySocial is already partially compliant with GDPR rules as it already allows user to delete their own account and as a site owner, you can set notifications to be disabled by default unless the user chooses to activate notifications themselves.


1. Account deletion
This compliance is already in EasySocial since day 1 where users can opt to delete their account. You just need to activate this in the settings.


2. Notification consent
This compliance is already in EasySocial since day 1 where users can control what to be notified about and what not to. You just have to turn off all e-mail notifications for the user and allow them to activate them should they decide to turn it on.


3. Account download (This is what the team is working on and it is the largest scope)
The ability for users to request for their own data and also have the ability to download the data that you know about them. This needs to be downloaded by the user in a zip file inclusive of:

- Profile information
- Videos
- Audios
- Photos
- Activity stream
- Groups
- Events
- Pages
- Discussions
- Tasks
- News
- Polls
- Notes
- Friends data
- Followers data

Because EasySocial also integrates with remote storage, it needs to be able to archive all their data up and allow users to download them. This also includes all media files that are stored remotely on remote storage like Amazon S3.

As to why we are only working on GDPR recently, it is mainly because we are awaiting for updates from Joomla as we heard that they might be initiating works on GDPR and we had waited until February for some updates.

Since there wasn't any updates during that time, that is when we decided we can no longer wait for any implementation because by the time Joomla completes the internal GDPR extension, we would also need time to adapt our extension to the new extension.

This was why we decided to add GDPR support (downloading of user information) into EasyBlog 5.2 without needing any integrations with Joomla.

We cannot blame Joomla or anyone else for not announcing it sooner, but we are at fault as we should have decided this earlier rather than waiting for Joomla to be announcing anything at all.

Hi Mark,

I like the way you you packed the data in EasyBlog
Just one point: it is difficult to return the the profile once you browsed to other data.

With one single component installed on one website it is sufficient and could be adapted to ED and ES.
When you have all SI components installed on one website it should then be accessible from one place.
EasySocial is tricky because there are integrated 3rd party Apps that also generate data in ES...

What Joomlart is working on is a good idea : listing in one place all components that register data.
But it only ?deals? with part of the GDPR requirements - from what I could test it does not comply with GDPR.
The Joomlart GDPR is not a solution but a non compulsory addon (as it is today in Beta2 release).... I am not really sure they understand what GDPR is all about...

Hey Supporter,

Thanks for your input on this and yes I agree, when you have all extensions installed, it's going to be insane for your users to download their data separately.

This is why when we are crafting the GDPR framework within EasySocial, it also needs to allow 3rd party extensions to hook and include their data as well. Once EasySocial 2.2 is out, we will also integrate EasyBlog, EasyDiscuss as well as Komento with the new GDPR framework of EasySocial.

We are in a chicken and egg situation here because we do not want to add the cookies consent within EasySocial because this really is not what EasySocial should be doing. Hence, we are only going to maintain several parts of GDPR while you can use other extensions for cookies consent.

I am also playing around with https://storejextensions.org/extensions/gdpr.html which is pretty cool with their cookies management. Perhaps as we continue collaborating with them, we could find a middle ground where we could integrate the deletion / account download with them.