Akeeba Data Compliance

Akeeba Data Compliance is a GDPR and privacy regulation compliance component for Joomla. It provides a structured workflow for handling data subject requests — export, erasure, and consent management — and integrates with Joomla's core privacy framework as well as third-party components to ensure comprehensive personal data handling across the entire site.

Data Subject Requests

Under GDPR and similar regulations, users have the right to request a copy of their data (Right of Access) or to have their data deleted (Right to Erasure). Data Compliance automates both workflows. Go to Admin → Data Compliance → Requests.

Request typeWhat happens
Data ExportCollects all personal data from all integrated components, packages it as a downloadable ZIP, and notifies the user with a secure download link
Data ErasurePseudonymises or deletes personal data across all integrated components, respecting legal retention requirements
Consent WithdrawalRecords the withdrawal and triggers appropriate data handling

Component Integrations

Data Compliance uses a plugin system to gather and erase data from each integrated component. Built-in integrations include:

  • Joomla Users — core user account data
  • Joomla User Notes — admin notes on user accounts
  • Action Logs — admin action history
  • Community Builder — CB profile fields and avatar
  • Akeeba Subscriptions / OS Membership — subscription records
  • Kunena — forum posts (pseudonymised, not deleted, to preserve thread integrity)
  • HikaShop — order history and customer data

Third-party integrations are added via the Data Compliance plugin API — any extension can provide a plugin to participate in export and erasure workflows.

Data Compliance includes a consent tracking system. Consent records store:

  • The consent text shown to the user at the time of agreement
  • The date and time of consent
  • The IP address at the time of consent
  • The Joomla user account

This creates an auditable consent trail required under GDPR Article 7. Consent can be collected at registration, checkout, or via a dedicated consent form.

Data Retention Policies

Configure retention periods in Data Compliance → Data Compliance Options. Define per data type:

  • How long to retain user account data after account deletion
  • Which data types are subject to legal retention (e.g. financial records)
  • Automated erasure triggers for expired data

Front-End Self-Service

Add Data Compliance menu items to the user menu to allow self-service:

  • My Data — view a summary of stored personal data
  • Export My Data — submit a data export request
  • Delete My Account — submit an erasure request
  • Consent History — view and withdraw consents
Legal note: Data Compliance automates the technical aspects of GDPR compliance but does not constitute legal advice. Always consult a qualified data protection officer or legal counsel to ensure your specific compliance obligations are met.