Support

Disclaimer: I am not a lawyer. I am not qualified to provide legal advice and I do not pretend to do so. The information provided herein is based on my own, personal opinions, it does not constitute legal advice and is not legally binding in any way whatsoever. If you are unsure about legal matters please consult a qualified attorney.

DataCompliance predates Joomla's com_privacy by about 9 months. In fact, several aspects of the Joomla com_privacy system (plugin architecture, captive login / redirection, data export) are based on my original work in DataCompliance back in March and April 2018.

In more practical terms, DataCompliance is infinitely more user friendly. Joomla adds a field in the user profile and redirects users to the profile edit page with zero explanation. Users have no idea WTF is going on and are unlikely to ever get back to your site. DataCompliance redirects them to a very clear page which tells them what they need to do and why they need to do it.

Joomla does not let users request a copy of their data or their account to be deleted if they do not provide consent. This is illegal. DataCompliance gives them the option to export their data or delete their account without having to provide consent.

Joomla requires a human to go through every single one of data export and account removal requests. This is kinda dumb. If the user is logged in they are de facto providing clear evidence that they are who they claim to be. There is no need to have a human in the loop. So, DataCompliance allows immediate export of your data and immediate account removal – with automated removal blockers (e.g. if someone made a purchase within the last 90 days we can't delete their account because of lawful interest, in this case the possibility that they might ask their bank for a chargeback for which we need counter-evidence from their user account).

DataCompliance is also lighter on your site because it uses purpose-built tables instead of trying to abuse the generic Joomla user profile table.

DataCompliance can back up the account removal requests to Amazon S3 (which can be set up on Amazon's side as a read-and-write-only bucket without the possibility of changing or removing entries) to fulfil the legal requirement of a permanent audit log for these requests.

Finally, Joomla's privacy extension was designed by a committee and implemented by a US citizen. Having seen how the design by committee approach works in Joomla I am not entirely sure that it actually helps with GDPR compliance. DataCompliance was written to help with the GDPR compliance of our own site based on the feedback we got from a consultant. It works for our use case and I think that it may be more useful than Joomla's com_privacy for other use cases.