
Privacy in Joomla
Sooner or later, every website owner meets the same email: "Please send me all the personal data you hold about me, and then delete it." A few years ago that message would have caused panic. But Joomla solves this with a feature that has been included in de Joomla core since 2018.
The Privacy Suite (the component com_privacy, plus a small family of plugins) turns data-protection law from a scramble into a workflow. It lets you export everything Joomla knows about a person, remove or anonymise it, record that visitors agreed to your privacy policy, and show exactly which parts of your site process personal data.
Joomla gives you the GDPR tools in core, so you handle data requests with a button instead of a spreadsheet.
This article explains how the Privacy Suite works, from the basics for owners and editors, through daily handling for administrators, to the plugin events developers use to make their own extensions privacy-aware. The goal is simple: help you meet a data-subject request with confidence the day one lands in your inbox.
1. The Basics
1.1 What is the Joomla Privacy Suite?
The Privacy Suite is Joomla's built-in toolkit for data-protection law such as the EU's GDPR. Joomla introduced it in version 3.9 (May 2018) and it has shipped in core ever since. It is not a single screen but a small set of cooperating parts:
- A component,
com_privacy, with a dashboard, requests, consents, and capabilities. - A group of
privacyplugins that know how to export and remove data for one area each. - A Privacy Consent system plugin that asks logged-in users to agree to your privacy policy.
- A Terms and Conditions user plugin for the registration form.
You do not install anything. Everything described here is already in your Joomla. You only need to switch on and configure the parts you want.
1.2 What "Personal Data" Means Here
Under GDPR, personal data is any information that can identify a living person. On a typical Joomla site that includes:
- The name, username, and email in
#__users. - Contact-form and contact-component entries.
- Private messages between users.
- IP addresses stored in the action log.
- The record that a person consented to your privacy policy.
The Privacy Suite is built around two rights that the law gives every person: the right of access (give me my data) and the right to erasure (delete my data). Joomla calls these an export request and a removal request.
1.3 Where Do I Find It?
In the Joomla 6 backend the Privacy Suite lives under the Users menu:
Users → Privacy the Privacy heading opens the dashboard
Users → Privacy → Requests export and removal (information) requests
Users → Privacy → Capabilities what data each area processes
Users → Privacy → Consents who agreed to the privacy policy
System → Manage → Plugins the privacy and consent plugins
The component itself lives at administrator/components/com_privacy/. Two small naming quirks are worth knowing up front. First, it sits under Users, not under System, which trips up people who expect a privacy tool to be a system setting. Second, there is no separate "Dashboard" link: the Privacy heading in the menu is the dashboard. The Requests screen also reads Privacy: Information Requests at the top of the page, even though the sidebar link is just Requests.
1.4 What the Privacy Suite Does Not Do
One point clears up most confusion before it starts: the Privacy Suite is a framework for information requests and consent records, not a magic compliance button. In particular, it does not handle:
- Cookie banners or cookie consent.
- Analytics and tracking consent, such as gating Google Analytics or Matomo until a visitor agrees.
- Marketing opt-ins for newsletters or advertising.
- Third-party scripts that load before a user has agreed.
Those need separate configuration or a dedicated cookie-consent extension. Installing com_privacy does not, on its own, make a site GDPR compliant. It gives you a structured way to answer data-subject requests and record consent, which is one important piece of compliance, not the whole of it.
2. The Privacy Dashboard
2.1 Your Starting Point
Click the Users → Privacy heading. The dashboard is the control room for the whole suite. It shows, at a glance:
- How many requests are pending and waiting for you to act.
- How many requests are urgent, meaning they are close to the legal deadline.
- A reminder to publish and link a real privacy policy.
- Quick links to create a request or open the options.
2.2 The Urgent Threshold
GDPR gives you one month to answer a data-subject request. To avoid surprises, Joomla flags a request as urgent before that deadline. You set the threshold under Users → Privacy → Requests → Options, in the field labelled Days To Consider Request Urgent. The default is 14 days, and Joomla caps the field below 30, so the setting always stays inside the one-month legal limit.
The dashboard turns that number into a visible counter. If the urgent count is above zero, something needs your attention today.
Back to top3. Information Requests: Export and Removal
3.1 The Two Request Types
Everything the suite does for an individual flows through a request. There are exactly two kinds:
| Type | Right it serves | Result |
|---|---|---|
| Export | Right of access | An XML file with all the person's data. |
| Removal | Right to erasure | The person's data deleted or anonymised. |
A request is tied to one email address, not to a user id. That is deliberate: the person asking may be a guest who filled in a contact form, not a registered user.
3.2 Creating a Request as an Administrator
To handle a request that arrived by email or post:
- Go to
Users → Privacy → Requestsand click New. - Enter the person's email address.
- Choose Export or Removal.
- Save. Joomla emails a confirmation link to that address.
The confirmation step matters. By sending a token to the email address, Joomla makes sure the person who controls that mailbox actually wants the action. This stops one user from deleting another user's account by guessing an email.
3.3 Letting Users Submit Their Own Requests
You can also let people start the process themselves, without an admin in the loop. The Privacy component ships front-end menu item types for exactly this:
- Create Request: a public form where a visitor enters their email and chooses export or removal.
- Confirm Request: the landing page the confirmation email links to.
- Extend Consent: a page where a logged-in user renews their privacy consent.
Build a menu item of each type, link them from your privacy policy page, and the whole confirm step runs on its own. You still process the confirmed request by hand, which keeps a human in control of any deletion.
3.4 The Confirmation Email and Mail Templates
The whole request flow depends on one email reaching the person. Joomla sends it through its central mail templates system, so you can review and translate the wording under System → Templates → Mail Templates. Find the privacy request confirmation template and adjust the text to sound clear and non-technical.
Because that email is the gatekeeper, make sure it actually arrives:
- Use a real SMTP service rather than PHP
mail()for reliable delivery. - Set up SPF, DKIM, and DMARC so the message is not filtered as spam.
- Send a test before you open a public request form.
If mail does not work, requests pile up at Confirmation Pending and the whole suite quietly stops being useful.
Back to top4. The Request Lifecycle and Statuses
4.1 The Path a Request Takes
Every request moves through a small set of states. Reading them correctly is the key skill for handling privacy work:
Confirmation Pending token emailed, waiting for the person to click
↓
Confirmed (Pending) person clicked the link, ready for you to act
↓
Completed you exported or removed the data
↓
Invalid request rejected or abandoned
A fresh request starts at Confirmation Pending. When the person clicks the link in their email, it becomes Confirmed and appears in your work queue. After you run the export or removal, you mark it Completed. If a request is fake, expired, or duplicated, you set it to Invalid.
4.2 Acting on a Confirmed Request
Open a confirmed request and you see two action buttons in the toolbar, matched to the request type:
- For an export, Export Data gathers everything and produces an XML document of the person's data.
- For a removal, Remove Data asks every privacy plugin to delete or anonymise its part.
Before a removal runs, Joomla asks each plugin whether the data can be removed. A plugin can block the removal, for example if the user is a Super User or still owns published content. This safety check prevents a self-service form from wiping an administrator account.
4.3 Why You Keep the Record
After you complete a request, the request row itself stays in the list as proof that you acted, and when. That audit value is the reason the request log is not auto-deleted. Treat the Requests list as your evidence that you met your legal duty.
4.4 Who May Act on Requests
Processing a request can export or erase a person's data, so it is a sensitive permission. Treat it that way. Under the component's Permissions (on the Options screen), grant access only to trusted administrators, and keep the number of people who can run an export or a removal small.
A sensible pattern mirrors the action-log approach: a dedicated data-protection role that can view and process requests, while ordinary editors have no access to the Privacy screens at all. The fewer hands that touch personal data, the easier your duty of care is to defend.
Back to top5. Consents: Recording Agreement
5.1 What a Consent Record Is
The law often asks you to prove that a person agreed to something, and when. The Users → Privacy → Consents view is that proof. Each row records that a specific user agreed to a specific document (your privacy policy) at a specific time.
A consent record stores the user, the subject and body of what they agreed to, the date, and a state (valid or revoked). Because the suite saves the actual text the user saw, you can show later exactly what they agreed to, even if you change the policy afterwards.
5.2 Where Consents Come From
Consent rows are written by the Privacy Consent plugin (section 6) when a logged-in user ticks the agreement box. They are not created by hand. The Consents view is read-only in spirit: you review and, if needed, invalidate a consent, but you do not type one in.
This is the same philosophy as the action log: a record you can freely edit is not trustworthy evidence, so Joomla limits what you can change.
Back to top6. The Privacy Consent Plugin
6.1 What it Does
The plugin System - Privacy Consent (plg_system_privacyconsent) makes sure your registered users have actively agreed to your privacy policy. When it is enabled, a logged-in user who has not yet consented is redirected to a consent form and cannot use the site normally until they agree.
Find it under System → Manage → Plugins → System - Privacy Consent. It is disabled by default, because forcing consent only makes sense once you have a real privacy policy to point at.
6.2 The Key Settings
| Setting | What it does |
|---|---|
| Privacy Type | Link to an Article or a Menu Item as the policy. |
| Privacy Article / Menu Item | Which article or menu item holds the policy text. |
| Privacy Note | The short text shown next to the agreement checkbox. |
| Consent Expiration | Whether a consent expires after a number of days. |
| Consent Expiration in Days | How long a consent stays valid before a renewal is asked. |
6.3 Expiring and Renewing Consent
If you enable expiration, Joomla treats a consent as stale after the set number of days and asks the user to agree again on their next visit. This is useful when you update your policy and want a fresh, dated agreement from everyone. Pair it with the Extend Consent front-end menu item so users have a clear page to renew on.
Leave expiration off if your policy rarely changes. A never-ending stream of "please agree again" prompts annoys users and adds little legal value when nothing has changed.
6.4 Multilingual Privacy Text
On a multilingual site, consent must be informed, which means each visitor should read the policy in their own language. A few practical points:
- Publish the privacy policy article in every site language and associate the translations, so a Dutch visitor sees the Dutch policy.
- Translate the consent note next to the checkbox, using a language override if the default string is not enough.
- Remember that an exported consent record reflects the text the user actually agreed to, in the language they saw at the time.
Point the plugin at the translated policy through the menu item it links to, and the right language follows the visitor automatically.
Back to top7. Terms and Conditions vs Privacy Consent
7.1 Two Plugins, Two Moments
People often confuse the two consent plugins because both put a checkbox in front of the user. The difference is when they act:
| Plugin | Fires | Typical use |
|---|---|---|
User - Terms and Conditions (plg_user_terms) |
At registration | Accept the terms of service before an account exists. |
System - Privacy Consent (plg_system_privacyconsent) |
At registration, and after login for existing users | Agree to the privacy policy, with optional expiry. |
The overlap is the Privacy Consent plugin: it adds its checkbox to the user registration and profile forms, and it also redirects an already-logged-in user who has never consented to a consent page. So it can act both at sign-up and on a later visit. The Terms and Conditions plugin, by contrast, acts only on the registration form.
7.2 Which to Use
Use Terms and Conditions when you want every new account to accept your site rules at the moment they sign up. Use Privacy Consent when you also want existing users, who registered long before you wrote a policy, to give a recorded, dated agreement. Many sites run both: terms at the door, privacy consent on the way in.
Only the Privacy Consent plugin writes rows into the consents table that the Privacy Suite can later export and audit. The terms plugin simply blocks registration until the box is ticked.
Back to top8. Capabilities: A Map of Your Data
8.1 The Self-Documenting View
The Users → Privacy → Capabilities view answers a question every data-protection audit asks: "What personal data does this system process, and where?" Instead of guessing, you open one screen and Joomla lists it for you.
Each enabled privacy plugin contributes a short description of the data it handles. The core plugins report things like:
- User account fields (name, username, email, registration date).
- Contact records linked to a user.
- Private messages.
- Recorded privacy consents.
- IP addresses and actions in the action log.
8.2 Why it Matters
The Capabilities view is built by an event (section 10), so it grows automatically as you add privacy-aware extensions. A well-written third-party extension that stores personal data should add its own line here. When it does, your "record of processing activities", a document GDPR expects you to keep, is half-written for you.
Back to top9. Under the Hood (Developer View)
9.1 The Database Tables
The Privacy Suite keeps its state in two main tables:
#__privacy_requests one row per export or removal request
#__privacy_consents one row per recorded consent
The core fields of #__privacy_requests are:
id auto-increment primary key
email the data subject's email address
requested_at when the request was created
status confirmation pending / confirmed / completed / invalid
request_type 'export' or 'remove'
confirm_token hashed token sent in the confirmation email
confirm_token_created_at when the token was issued (for expiry)
The core fields of #__privacy_consents are:
id auto-increment primary key
user_id the user who agreed
state 1 = valid, 0 = revoked
created when consent was given
subject the title of what they agreed to
body a snapshot of the agreed text
9.2 The Plugin Group
The real work is done by plugins in the privacy group, each extending Joomla's PrivacyPlugin base class. The component never touches user, contact, or message tables directly. Instead it fires events and lets each plugin handle its own data. This is the same loose-coupling pattern Joomla uses across the CMS: the component orchestrates, the plugins do the domain work.
9.3 The Four Events
A privacy plugin can subscribe to four events:
| Event | Purpose |
|---|---|
onPrivacyCollectAdminCapabilities |
Add lines to the Capabilities view. |
onPrivacyExportRequest |
Return this plugin's data for an export, as domains. |
onPrivacyCanRemoveData |
Veto a removal, e.g. protect a Super User. |
onPrivacyRemoveData |
Delete or anonymise this plugin's data. |
9.4 How an Export is Built
An export is not one big query. Each plugin returns one or more domains, and each domain holds items made of name-value fields. The component collects every plugin's domains and serialises the whole set to XML. A simplified export handler looks like this:
public function onPrivacyExportRequest(PrivacyExportRequestEvent $event)
{
$request = $event->getRequest();
$user = $event->getUser();
$domain = $this->createDomain('user_profile', 'Joomla user account');
$item = $this->createItemForUserId($user->id, $tableData);
$domain->addItem($item);
return [$domain];
}
Because every plugin speaks the same domain-item-field shape, the export file is consistent no matter how many extensions contribute to it.
Back to top10. The Privacy Plugins, One by One
10.1 The Core Set
Joomla ships five privacy plugins, each covering one area of personal data. You find them under System → Manage → Plugins, filtered to type privacy:
| Plugin | Covers |
|---|---|
plg_privacy_user |
Core user account data in #__users. |
plg_privacy_contact |
Contacts in com_contact linked to a user. |
plg_privacy_message |
Private messages between users. |
plg_privacy_consents |
The consent records themselves. |
plg_privacy_actionlogs |
Rows in the action log, including IP addresses. |
10.2 Enable What Applies
Each plugin only adds data to an export, or removes data, while it is enabled. If you disable the message plugin, a user's private messages will not appear in their export and will not be touched by a removal. Keep every privacy plugin enabled whose data you actually store. Disabling one quietly creates a gap in your data-subject responses, which is exactly the kind of gap an auditor looks for.
10.3 The Removal Veto in Practice
The user plugin uses onPrivacyCanRemoveData to refuse the deletion of a Super User account. This is a sensible guard: you do not want a public removal form to be a way to wipe an administrator. When a removal is blocked, Joomla shows the reason and leaves the request open so a human can decide what to do.
11. Making Your Own Extension Privacy-Aware
11.1 Why Bother
If your component stores personal data, for example a booking system with names and phone numbers, it should join the Privacy Suite. Otherwise an export will be incomplete and a removal will leave personal data behind, both of which break the promise you made in your privacy policy.
11.2 The Three Steps
Write one plugin in the privacy group that subscribes to the events you need:
- Implement
onPrivacyCollectAdminCapabilitiesso your data shows in the Capabilities view. - Implement
onPrivacyExportRequestto return your data as domains and items. - Implement
onPrivacyRemoveData(and optionallyonPrivacyCanRemoveData) to erase or anonymise it.
A minimal capabilities handler is enough to make your extension visible to an auditor:
public function onPrivacyCollectAdminCapabilities()
{
$this->loadLanguage();
return [
Text::_('PLG_PRIVACY_BOOKINGS') => [
Text::_('PLG_PRIVACY_BOOKINGS_CAPABILITY_NAME'),
Text::_('PLG_PRIVACY_BOOKINGS_CAPABILITY_PHONE'),
],
];
}
11.3 Anonymise Rather Than Delete
For a removal, deleting a row is not always right. If you delete a booking outright you may break an invoice that legally must be kept. The common pattern is to anonymise: replace the name, email, and phone with neutral placeholders while keeping the record's structure intact.
UPDATE #__bookings
SET customer_name = 'Removed',
customer_email = CONCAT('removed-', id, This email address is being protected from spambots. You need JavaScript enabled to view it. '),
customer_phone = ''
WHERE customer_email = :email;
Whichever you choose, always bind the email as a parameter rather than concatenating it into the SQL. Joomla's query builder makes this easy with ->bind(':email', $request->email). Building the query string by hand opens an SQL-injection hole on the very data you are trying to protect.
Anonymising satisfies the right to erasure for personal data while preserving the non-personal accounting trail. Choose deletion only when no other obligation requires you to keep the row.
11.4 When to Block a Removal
Sometimes the right answer to a removal is "not yet". Your onPrivacyCanRemoveData handler is where you say so, with a clear reason the administrator can read. Common, defensible blockers include:
- An unpaid invoice or an open order.
- An active subscription or membership.
- A legal-retention period, such as tax records you must keep for years.
- An open dispute, chargeback, or fraud investigation.
Blocking is not a refusal of the person's rights; it is a documented pause while a stronger legal obligation applies. Record why, and remove the data once the obligation ends.
11.5 Keep Exports Clean and Safe
An export is read by the person, and sometimes by a regulator, so design it for them, not for your database. Two rules matter most:
- Make it readable. Return meaningful domains and items ("Profile", "Bookings", "Newsletter status"), not raw table dumps or serialized blobs.
- Never leak more than the person. An export must contain only that individual's data. Keep out other users' records, internal tokens, API keys, password hashes, and configuration secrets.
Over-sharing in an export is itself a data breach. When in doubt, include less and label it clearly.
Back to top12. Web Services and Automation
12.1 No Public REST Endpoint
Unlike content or users, the Privacy component does not expose a Web Services API endpoint in core. There is no /api/index.php/v1/privacy route to create or process requests over REST. This is a deliberate, conservative choice: deleting a person's data is a sensitive, human-checked action, not something you want a token to trigger automatically.
So you will not see a curl example here the way other articles show one. If you need automation, you build it yourself with the component's models inside a plugin or CLI script, where you control the safety checks.
12.2 Confirmation Tokens Expire
The confirmation token sent with each request has a limited life. If a person ignores the email for too long, the token expires and the request can no longer be confirmed. You then create a fresh request. This keeps stale, half-finished requests from piling up and stops an old confirmation link from being used much later.
12.3 Tidying Old Requests
The Requests list is your audit evidence, so Joomla does not auto-purge it. If your retention policy says you may remove completed requests after a period, use the Scheduler component (System → Manage → Tasks) with an SQL cleanup task, the same approach used for trimming the action log. Keep at least a summary of who asked for what, and when you answered.
13. IP Addresses, Logs, and Other Personal Data
13.1 The Action Log Connection
The most easily forgotten store of personal data is the action log, because an IP address counts as personal data under GDPR. The plg_privacy_actionlogs plugin ties the two systems together: when you export a person's data, their action-log rows are included, and a removal can scrub them.
If you turn on IP logging in the action log, write that into your privacy policy and set a retention period. An IP kept forever is hard to justify; a 90-day window for security is easy to defend.
13.2 Data the Suite Does Not See
The Privacy Suite only knows about data that a privacy plugin reports. It cannot reach:
- Personal data inside a third-party extension that ships no privacy plugin.
- Data in external systems, such as a newsletter platform or a payment provider.
- Backups and database dumps stored outside Joomla.
When you answer a removal request, remember the data living outside Joomla's reach. A complete erasure often means a few manual steps beyond the button in com_privacy.
13.3 Finding Where Personal Data Hides
Before you trust an export to be complete, find out where personal data actually lives. A quick audit query lists every column that looks like an email address across the whole database:
SELECT TABLE_NAME, COLUMN_NAME
FROM INFORMATION_SCHEMA.COLUMNS
WHERE TABLE_SCHEMA = DATABASE()
AND COLUMN_NAME LIKE '%email%'
ORDER BY TABLE_NAME, COLUMN_NAME;
Repeat it for %phone%, %ip%, and %name%. Each table that turns up but has no matching privacy plugin is a blind spot in your export and removal. This query does not replace proper privacy plugins; it tells you which ones you still need to write or install.
14. SEO and Metadata
14.1 The Privacy Policy Page Itself
The Privacy Suite leans on one ordinary page: your privacy policy. Treat it as a real, well-built article, not an afterthought.
- Give it a clear, descriptive title such as "Privacy Policy" so search engines and users recognise it instantly.
- Write a short, honest meta description that says what data you collect and why.
- Keep its URL stable. The Privacy Consent plugin and your footer both link to it, and a changing URL breaks those links.
14.2 Indexing and Visibility
A privacy policy should be public and indexable. Do not hide it behind a login or mark it noindex. Regulators, browsers, and users all expect to reach it in one click, usually from a footer link present on every page.
One subtle point: the consent and request pages, by contrast, are user actions, not content. There is little SEO value in them, and the request form should not be indexed as if it were an article. Link to it from your policy text, not from your main navigation.
Back to top15. Common Mistakes and Pitfalls
15.1 "The Confirmation Email Never Arrives"
Symptom: a request stays at Confirmation Pending forever, and the user says they got nothing.
Fix: the suite uses Joomla's mailer. Check System → Global Configuration → Server → Mail and send a test. On a local stack, a catcher like MailHog confirms whether Joomla sent the message at all. No working mail means no privacy workflow.
15.2 "I Enabled Privacy Consent and Locked Everyone Out"
Symptom: every logged-in user is bounced to a consent form, including you.
Fix: this is expected behaviour, but it needs a real policy to point at. Before enabling the plugin, publish the privacy article and select it in the plugin's Privacy Article setting. Then the consent form has something to show.
15.3 "The Export is Missing Data"
Symptom: an export does not include messages, contacts, or a third-party extension's data.
Fix: a privacy plugin only contributes while it is enabled. Check that every relevant privacy plugin is on, and remember that extensions without a privacy plugin are invisible to the export.
15.4 "A Removal Did Nothing"
Symptom: you click Remove Data and the account survives.
Fix: a plugin vetoed it. The user plugin refuses to remove a Super User. Lower the account's group or transfer its content first, then retry, or handle that account by hand.
15.5 "We Deleted the User but the Data Came Back in a Backup"
Symptom: a removed person reappears after a restore.
Fix: erasure must cover backups in your retention policy. You usually cannot edit old backups, so document that personal data persists in backups for a stated period and is overwritten as backups rotate.
15.6 "Privacy is Not in My Menu"
Symptom: you cannot find the Privacy screens.
Fix: they are under Users, not System, and ACL hides them from anyone without access to the component. Check the account's group permissions.
Back to top16. Best Practices
If you remember only a few things from this article, remember these:
- Publish a clear privacy policy first; every other part of the suite links to it.
- Keep all five core privacy plugins enabled so exports and removals stay complete.
- Watch the dashboard's urgent counter; answer requests well inside the one-month limit.
- Confirm every request by email before acting, even ones you create yourself.
- Anonymise rather than delete when an accounting or legal record must survive.
- Remember the data Joomla cannot see: third-party tools, external services, and backups.
- If you store personal data in a custom extension, ship a privacy plugin for it.
- Restrict who can process and purge requests to a small, trusted group.
- Remember the suite does not cover cookie consent; add a dedicated cookie solution if you need one.
17. Quick Reference
DASHBOARD Users → Privacy (the heading itself)
REQUESTS Users → Privacy → Requests
CONSENTS Users → Privacy → Consents
CAPABILITIES Users → Privacy → Capabilities
OPTIONS Users → Privacy → Requests → Options
URGENT DAYS Options → Days To Consider Request Urgent (default 14)
CONSENT PLUG System → Plugins → System - Privacy Consent
TERMS PLUG System → Plugins → User - Terms and Conditions
PLUGIN GROUP privacy (user, contact, message, consents, actionlogs)
TABLES #__privacy_requests, #__privacy_consents
REQUEST TYPE export | remove
STATUSES confirmation pending → confirmed → completed | invalid
EXPORT FORMAT XML, built from plugin domains and items
EVENTS onPrivacyCollectAdminCapabilities, onPrivacyExportRequest,
onPrivacyCanRemoveData, onPrivacyRemoveData
REST API none in core (by design)
MAIL TEMPLATE System → Templates → Mail Templates
NOT COVERED cookie consent, analytics/marketing opt-ins
SINCE Joomla 3.9 (May 2018)
Back to top18. Summary
The Joomla Privacy Suite turns a legal headache into a routine. It ships in core, asks for nothing extra, and gives you a clear workflow for the two rights that matter most: access and erasure.
For a little setup you get:
- Export and removal requests tied to an email and confirmed by token.
- A dashboard that flags requests before the legal deadline.
- Recorded consents that prove who agreed to your policy, and when.
- A Capabilities map that documents what data your site processes.
- A plugin architecture so any extension can join the same export and removal flow.
It is not magic. The suite only sees what its plugins report, it cannot reach external services or old backups, and a complete erasure still needs a thinking human. But as a foundation, it puts Joomla ahead of most platforms, which leave data-protection entirely to paid add-ons.
Privacy is not a one-time checkbox; it is an ongoing duty. If you are unsure whether your Joomla site truly covers every place it stores personal data, or your removal requests leave something behind, it pays to have someone map your data flows and wire your custom extensions into the Privacy Suite before a real request, or a regulator, asks the question for you.
Back to top

Peter is a Joomla specialist and a Linux admin for fast, secure and scalable websites.


