RSForm Pro is a well-known form generator component for Joomla. When you use a form, you may collect personal data. If so, you have to inform people how the data is saved and transmitted, how long you store it, and whether you transmit it to other recipients.
RSForm Pro is an advanced form component for creating your own forms in Joomla. It offers multilingual support, conditional fields, a responsive layout, CAPTCHA protection and the possibility to add custom PHP code.
RSForm Pro and GDPR
- RSForm Pro can be configured to send an email notification to the visitor and the site admin. Even if your site is working with SSL (so under https://), the email will probably be sent in plain text.
- By default, RSForm Pro stores the submitted form data in the database. In case of email problems it's nice to have a backup of the submissions in your database. However, if you do not remove the old submissions manually, they will remain in your database forever.
RSForm has an option to not store any submission information in the database. It is a configuration option in each form: in the Form info tab, set the "Save data to database" option to NO.
- The recent version of RSForm Pro has an option to automatically delete submissions after a period of time. The duration before the submissions are deleted can be configured separately per form.
- You can also use an available CLI script to remove all data older than 1 month: https://gist.github.com/pe7er/47bf1020b12ef29df8603fa80d1fdccd
(Technical info: this script can run automatically if it is added to the crontab on your server.)
- Information from the developer RSJoomla about creating GDPR Compliant forms with RSForm Pro:
- The recent version of RSForm Pro has an option to allow users to view and delete their submissions via the "Submissions directory" menu item,
and a delete function that lets them remove their own submissions through an encrypted link available in the component emails.
More information: https://www.rsjoomla.com/blog/view/442-rsjoomlas-approach-to-gdpr-compliance.html
General tips for forms
What you have to consider when using forms on your website:
- Only collect necessary data. On a normal contact form you don't need birthdate or address.
- Use https on your website to secure the data that is being communicated through the form.
- Email notifications will probably be sent in plain text from your server to the visitor and/or administrator.